
Alcatel-Lucent Scalable IP Networks Student Guide

Date post: 03-Mar-2016
Upload: zurgani-alaa
Alcatel-Lucent Scalable IP Networks 4A0-100 Student Guide v1-1

Alcatel-Lucent Scalable IP Networks

Module 0 — Introduction

Alcatel-Lucent Confidential for internal use only -- Do Not Distribute


Alcatel-Lucent Scalable IP Networks v1.1 Module 0 | 2 All rights reserved © 2006–2007 Alcatel-Lucent

Module Objectives

• Course timeline
• Course objectives
• Course prerequisites
• Course introduction

Alcatel-Lucent Scalable IP Networks

This course is part of the Alcatel-Lucent Service Routing Certification (SRC) Program. For more information on the SRC program, see www.alcatel-lucent.com/src

To locate additional information relating to the topics presented in this manual, refer to the following:

Technical Practices for the specific product

Internet Standards documentation such as protocol standards bodies, RFCs, and IETF drafts

Technical support pages of the Alcatel website located at: http://www.alcatel-lucent.com/support


Alcatel-Lucent Scalable IP Networks — Timeline

Day 1
• Module 0 — Introduction
• Module 1 — Internet Overview
• Module 2 — 7x50 SR/ESS Components and CLI

Day 2
• Module 3 — Ethernet Overview
• Module 4 — IP Overview & Addressing


Day 3
• Module 5 — Transport Layer Overview
• Module 6 — IP Routing
• Module 7 — Link State Routing Protocols

Day 4
• Module 8 — BGP Overview
• Module 9 — 7750 SR Services Overview


Alcatel-Lucent Scalable IP Networks — Objectives

After successful completion of this course, you should be familiar with:

• The OSI protocol suite
• Key functions of the Ethernet protocol
• Key functions of an IP network
• The IP address classes, IP subnet masking, and IP super-netting
• Configuration of IP addresses and subnet masks on router interfaces
• The concepts of static and dynamic routing
• The differences between IGP and EGP routing protocols


Alcatel-Lucent Scalable IP Networks — Objectives (continued)

• Understand the differences between a distance vector protocol and a link state protocol
• Understand the basic operation of RIP
• Understand the basic operation of OSPF
• Successfully configure the various IGP protocols
• Understand the basic operation of BGPv4
• Successfully configure BGPv4
• Understand TCP and UDP as transport protocols
• Understand the various services offered by the 7750 SR


Prerequisites and Follow-On

Suggested prerequisites: There is no prerequisite for this course; however, familiarity with binary arithmetic is an asset.

Suggested follow-on courses: Based on the material covered in this course, it is recommended that this course be followed with the Alcatel-Lucent IGP course.

ASIN exam: To ensure full comprehension of the material covered in this course, it is recommended that the student register for and take the Alcatel-Lucent Scalable IP Networks exam following successful completion of this course.


Alcatel-Lucent Scalable IP Networks — Introduction

IP technology has exploded over the last decade. The technology has now infiltrated every facet of our lives. This 4-day course introduces the layer 2 and layer 3 technology that is used in the networking world.


Alcatel-Lucent Scalable IP Networks — Course Goal

Provide the participants with foundation knowledge of IP networking, its applications, and its implementation in an Alcatel-Lucent environment.


Graphical Symbols and Icons

[Figure: legend of symbols and icons: generic router, PE, switch, server, workstation, user, customer sites, network cloud, system or loopback interface (10.1.1.1), table, flow or lookup, packet showing detail (DA, SA, Type, IP, Data), and link styles: data plane (dotted blue), control plane (dashed red), physical link (solid black)]

These typical graphical symbols are used in this course.


Administration

• Registration
• Facility information
• Restrooms
• Communications
• Materials
• Schedule
• Introductions (name and company, experience)
• Questions


www.alcatel-lucent.com

3HE-02767-AAAA-WBZZA Edition 01


Alcatel-Lucent Scalable IP Networks

Module 1 — Internet Overview


Module Objectives

After successful completion of this module, you should be able to:

• Understand the layering concepts of network protocols
• Discuss the functions of the different layers of the TCP/IP protocol suite
• Identify some of the different protocols that operate at the different layers
• Understand the encapsulation process as data travels across the Internet
• Compare and contrast the OSI and TCP/IP layering models


OSI Overview

Section 1 — Reference Model


TCP/IP Protocols

• Developed in the 1970s by pioneering network engineers Vinton Cerf and Bob Kahn
• Intended to provide a common framework to allow the interworking of diverse network hardware and computer systems
• Included in early releases of the UNIX operating system
• During the 1980s, primarily used by U.S. universities and research institutions
• During the 1990s, increasingly adopted by commercial enterprises
• Provides the underlying technological framework of the Internet today

Developed in the 1970s by pioneering network engineers Vinton Cerf and Bob Kahn.

Intended to provide a common framework to allow the interworking of diverse network hardware and computer systems.

TCP/IP was included in early releases of the UNIX operating system. This led to extensive use of TCP/IP at universities and other enterprises that used UNIX.

During the 1980s, primarily used by U.S. universities and research institutions. From 1986, the backbone of the Internet was primarily provided by the NSFnet, a government-sponsored network, and was not intended for commercial use.

Increasingly adopted by commercial enterprises during the 1990s. On April 30, 1995, the architecture was transitioned from the NSFnet backbone to the use of distributed interconnection or peering points.

Provides the underlying technological framework of the Internet today. As of June 30, 2006, it was estimated that there are 1.04 billion Internet users worldwide (http://www.internetworldstats.com/stats.htm).


TCP/IP Layering

[Figure: TCP/IP Layers, top to bottom: Application Services, Transport, Internet Protocol, Network Interfaces]

The purpose of a network protocol suite is to define the protocols and technologies that support the interconnection of a diverse array of hardware and systems to support the operation of a wide range of applications over the network. Anyone who has used an Internet application such as a web browser or e-mail can appreciate the complexity of the systems required to support these applications.

The layering of protocols provides a way to simplify this complex problem by segregating it into a number of smaller functions. Each layer performs a specific function that contributes to the overall functioning of the network. Protocol layers have the following benefits:

Simplify complex procedures into a structure that is easier to understand

Allow vendors to interoperate

Isolate problems from one layer that may be passed to other areas

Allow modular plug-and-play functionality

The TCP/IP protocol suite (or Internet protocol suite) is constructed around four layers of technology. The application layer provides all the services (for example, web browsing and e-mail) available to users of the Internet. The network interfaces layer includes all the hardware that comprises the physical infrastructure of the Internet. The two intermediate layers provide a common set of services that are available to all Internet applications and that operate on all the hardware infrastructure of the Internet.


TCP/IP Layering — Application Layer

[Figure: TCP/IP Layers (Application Services, Transport, Internet Protocol, Network Interfaces)]

Application: user interface to the network

User applications:
• E-mail
• Telnet
• FTP
• WWW

The application layer is the layer for the user. It is important to understand at this point that this layer only describes network applications. Applications such as word processors and database programs are not considered network applications as they do not require network connectivity and are not part of this layer.

The figure above shows examples of network applications. Without network connectivity, these applications would be useless.


TCP/IP Layering — Transport Layer

[Figure: TCP/IP Layers (Application Services, Transport, Internet Protocol, Network Interfaces)]

Transport: communication between applications

• Reliable data transfer
• Flow control
• Sequencing of data

Transport protocols are the application’s interface to the network. The transport protocol provides a mechanism for an application to communicate with an application residing on another device in the network.

In the TCP/IP protocol suite there are two transport protocols: TCP and UDP. TCP is a connection-oriented protocol that provides an ordered and reliable transfer of data over the network. UDP is a connectionless protocol that supports the transfer of a single datagram across the network with no delivery guarantee. UDP is simpler and operates with less overhead than TCP.

Most Internet applications use TCP for data transfer because it provides a reliable transfer service. This includes HTTP (web browsing), e-mail, Telnet, and FTP. Some applications, such as DNS and SNMP, use UDP because they only require a simple datagram transfer, while RTP uses UDP to avoid the overhead of TCP and because there is no benefit in retransmitting lost packets for applications that use RTP.


TCP/IP Layering — Internet Protocol Layer

[Figure: TCP/IP Layers (Application Services, Transport, Internet Protocol, Network Interfaces)]

Internet Protocol: common services and addressing

• Unique network addressing scheme to identify hosts
• Routing protocols for path determination
• End-to-end forwarding of datagrams

The Internet protocol layer provides a common addressing plan for all hosts on the Internet as well as a simple, unreliable datagram transfer service between these hosts. IP is the common glue that defines the Internet.

IP also defines the way a datagram (or packet) is routed to its final destination. In an IP network, the forwarding of packets across the network is handled by routers. IP routers examine the destination address of a datagram and determine which router is the next hop that will provide the best route to the destination (known as hop-by-hop routing). Routers communicate with each other using dynamic routing protocols to exchange information about the networks they are connected to. This allows routers to make forwarding decisions for the datagrams they receive.


TCP/IP Layering — Network Interfaces

[Figure: TCP/IP Layers (Application Services, Transport, Internet Protocol, Network Interfaces)]

Network Interfaces: physical transfer of data

• Ethernet
• ATM
• Frame Relay
• PPP

The network interfaces layer comprises the hardware that supports the physical interconnection of all network devices. The technologies of this layer are often defined as multiple layers themselves. The common attribute of all technologies of this layer is that they are able to forward IP datagrams.

There are many different technologies that operate at this layer, some of which are very complex. Some of the protocols commonly used at this layer include ATM, frame relay, PPP, and Ethernet. However, there are many other protocols used; some are open standards and some are proprietary. The diversity of the network interfaces layer demonstrates one of the benefits of protocol layering. As new transmission technologies are developed, it is not necessary to make changes to the upper layers to incorporate these technologies in the network. The only requirement is that the new technology be able to support the forwarding of IP datagrams.

This layer is often referred to as “Layer 2” in reference to the data link layer of the OSI reference model (presented later).


Application Encapsulation

[Figure: TCP/IP Layers stack beside a mail message made up of a header (From: [email protected], To: [email protected]) and the Message Body]

When a network application wants to communicate with another application across the network, it must first prepare its data in the specific format defined by the protocol to be used by the receiving application. A specific protocol is used so that the receiving application will know how to interpret the data it receives.

In the case of a mail message, the message consists of two parts, the message header and the body. The message header contains the sender’s and receiver’s addresses as well as other information such as the urgency of the message and the nature of the message body. The format of the header and the nature of the addresses is defined by the application protocol. In the case of a mail message, the protocol is SMTP.

In addition to defining the format of the message, the protocol also specifies how the applications are expected to interact with each other, including the exchange of commands and the expected responses.

To accomplish the transfer of the application’s data, the application uses the services of the transport layer.


Transport Encapsulation

[Figure: TCP/IP Layers stack; the mail message (From/To header and Message Body) becomes the body of a transport segment whose header reads Source: 1223, Destination: 25]

The transport layer provides a service to transfer data between applications across a network. There are two transport protocols used on the Internet: TCP and UDP. For exchanging e-mail across the Internet, an e-mail application uses SMTP. SMTP uses TCP to accomplish the transfer. TCP provides a reliable transfer service so that the application does not have to be concerned about whether all data is properly transferred. UDP provides a simple, unreliable datagram delivery service (much like IP).

TCP treats all application data as a simple byte stream, including both the message header and the message body. TCP accepts the application’s data and breaks it into segments for transmission across the network as required. To accomplish this reliable transfer, TCP packages the application data with a TCP header. On the receiving end of the connection, TCP removes the TCP header and reconstructs the application data stream exactly as it was received from the application on the sender’s side of the network.

The TCP and UDP headers carry source and destination addresses that identify the sending and recipient applications because a single host system may support multiple applications. These addresses are known as port numbers. The TCP units of data are known as segments; UDP data is called a datagram.

To transmit its segments of data across the network, TCP uses the services of the IP layer.


IP Encapsulation

[Figure: TCP/IP Layers stack; the transport segment (header Source: 1223, Destination: 25, plus the mail message) becomes the body of an IP datagram whose header reads Source: 138.120.191.122, Dest.: 197.199.45.12]

The IP layer provides a common addressing scheme across the network as well as a simple, unreliable datagram forwarding service between nodes in the network.

Data from the transport layer is packaged in IP datagrams for transfer over the network. Each datagram travels independently across the network. The intermediate routers forward the datagram on a hop-by-hop basis based on the destination address.

Each datagram contains source and destination addresses that identify the end nodes in the network. Every node in an IP network is expected to have a unique IP address.

IP uses the services of the underlying network interfaces to accomplish the physical transfer of data.


Data Link Encapsulation

[Figure: TCP/IP Layers stack; the IP datagram (header Source: 138.120.191.122, Dest.: 197.199.45.12, then the transport header and mail message) is carried in a data link frame with a header reading DA: 00-D0-F6-A4-26-5C, SA: 00-20-60-37-BB-5F and an FCS trailer]

The data link layer is the term used to describe the network interfaces used by IP for physically transmitting the data across the network. The units of data transmitted at the data link layer are usually known as frames. IP datagrams must always be encapsulated in some type of data link frame for transmission.

A typical data link frame contains a header, usually containing some type of address. The frame also often carries a trailer that contains some type of checksum to verify the integrity of the transmitted data. There are many types of technology used as network interfaces by IP, and they each have their own specific format and rules of operation. The common characteristic is that the technologies are all capable of carrying IP datagrams.

Most protocols at this layer also use some type of addressing. The address identifies the two endpoints of a data exchange to the data link protocol. For example, the figure above shows the addressing of an Ethernet frame. Some point-to-point protocols such as PPP may not use addresses if there is only one possible destination for the data.
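The four encapsulation steps above (application, transport, IP, data link), carried out and then reversed with per-layer validation, as an added Python example that is not part of the original course material. The MAC addresses, IP addresses and ports are the ones on the slides; the mail text, sequence numbers, TTL and window size are constructed, and Ethernet II framing with a CRC-32 FCS is an assumption about the frame type in the figure.

```python
import ipaddress
import struct
import zlib

# Addresses and ports are the ones shown on the slides; the mail text is constructed.
SRC_MAC, DST_MAC = "00-20-60-37-BB-5F", "00-D0-F6-A4-26-5C"
SRC_IP, DST_IP = "138.120.191.122", "197.199.45.12"
SRC_PORT, DST_PORT = 1223, 25
MESSAGE = b"From: sender@example.com\r\nTo: receiver@example.net\r\n\r\nMessage Body\r\n"


def inet_checksum(data: bytes) -> int:
    """16-bit one's-complement checksum (RFC 1071) used by IPv4 and TCP."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def encapsulate(payload: bytes) -> bytes:
    """Wrap application data in TCP, IPv4 and Ethernet II headers plus an FCS trailer."""
    src, dst = (ipaddress.IPv4Address(a).packed for a in (SRC_IP, DST_IP))
    # Transport layer: 20-byte TCP header (PSH+ACK, no options), checksum filled in below.
    tcp = struct.pack("!HHIIBBHHH", SRC_PORT, DST_PORT, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    pseudo = src + dst + struct.pack("!BBH", 0, 6, len(tcp) + len(payload))
    tcp_sum = inet_checksum(pseudo + tcp + payload)
    segment = tcp[:16] + struct.pack("!H", tcp_sum) + tcp[18:] + payload
    # Internet Protocol layer: 20-byte IPv4 header, protocol 6 = TCP.
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(segment), 0, 0, 64, 6, 0, src, dst)
    ip = ip[:10] + struct.pack("!H", inet_checksum(ip)) + ip[12:]
    # Network interfaces layer: Ethernet II header (type 0x0800 = IPv4) and CRC-32 FCS.
    macs = bytes.fromhex((DST_MAC + SRC_MAC).replace("-", ""))
    frame = macs + struct.pack("!H", 0x0800) + ip + segment
    return frame + struct.pack("<I", zlib.crc32(frame))


def fmt_mac(raw: bytes) -> str:
    return "-".join(f"{b:02X}" for b in raw)


def decapsulate(frame: bytes) -> dict:
    """Strip one header per layer, checking what each layer is able to check."""
    if len(frame) < 14 + 20 + 20 + 4:
        raise ValueError("frame too short for Ethernet + IPv4 + TCP")
    # Data link: the FCS trailer covers the whole frame, so verify it first.
    body, fcs = frame[:-4], struct.unpack("<I", frame[-4:])[0]
    if zlib.crc32(body) != fcs:
        raise ValueError("FCS mismatch")
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", body[:14])
    if ethertype != 0x0800:
        raise ValueError("not an IPv4 frame")
    # IP: header length and total length come from the packet, so bound them.
    ip = body[14:]
    ihl = (ip[0] & 0x0F) * 4
    total_len = struct.unpack("!H", ip[2:4])[0]
    if ip[0] >> 4 != 4 or ihl < 20 or not ihl + 20 <= total_len <= len(ip):
        raise ValueError("bad IPv4 header or length")
    if inet_checksum(ip[:ihl]) != 0:
        raise ValueError("IP header checksum mismatch")
    if ip[9] != 6:
        raise ValueError("not TCP")
    # Transport: the TCP checksum covers a pseudo-header, the header and the data.
    segment = ip[ihl:total_len]
    data_off = (segment[12] >> 4) * 4
    if data_off < 20 or data_off > len(segment):
        raise ValueError("bad TCP data offset")
    pseudo = ip[12:20] + struct.pack("!BBH", 0, 6, len(segment))
    if inet_checksum(pseudo + segment) != 0:
        raise ValueError("TCP checksum mismatch")
    src_port, dst_port = struct.unpack("!HH", segment[:4])
    return {
        "dst_mac": fmt_mac(dst_mac), "src_mac": fmt_mac(src_mac),
        "src_ip": str(ipaddress.IPv4Address(ip[12:16])),
        "dst_ip": str(ipaddress.IPv4Address(ip[16:20])),
        "src_port": src_port, "dst_port": dst_port,
        "payload": segment[data_off:],  # application data, e.g. the SMTP message
    }


if __name__ == "__main__":
    wire = encapsulate(MESSAGE)
    print(len(wire), "bytes on the wire")
    for key, value in decapsulate(wire).items():
        print(f"{key}: {value!r}")
```

Every length and offset read from the frame is bounded before it is used to slice, which is the check a capture parser or sensor needs before trusting any header field.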


OSI — A History Lesson

• Early 1970s — Canepa and Bachman at Honeywell Information Systems worked to develop a mechanism to distribute databases.
• Late 1970s — ISO and CCITT each developed a standard.
• 1983 — The ISO and CCITT documents merged into the Basic Reference Model for Open Systems Interconnection.
• 1984 — The merged document was published by both ISO and CCITT, with CCITT being renamed ITU-T (ISO 7498 and ITU-T X.200).
• Some OSI protocols (e.g., X.21 and ATM) competed with TCP/IP, but growth of the Internet caused IP to be adapted.

The OSI reference model was developed at the end of the 1970s, but the development of actual protocols to support the reference model was slow. By the early 1990s a number of OSI protocols (TP0-4, CLNS, CONS, X.400, and X.500) had been specified and commercial implementations attempted, but the success of TCP/IP and the weaknesses of OSI led to the complete adoption of TCP/IP for internetworking.


OSI — Interesting Facts

• Formed the basis of the OSI protocol suite, to create a widely adopted suite of protocols to be used by international networks
• The 7-layer model created by Bachman and Canepa was the only model submitted to the ISO subcommittee in March 1978
• Introduced to compete with IBM's SNA, due to the company's closed architecture

OSI was designed as an open standard to replace the strictly proprietary networking technologies that were in use in the 1970s (SNA was dominant, but many others were also in use). However, TCP/IP applications and implementations grew much more rapidly than OSI and by 2000, OSI was essentially replaced by TCP/IP.

The OSI reference model is widely used to describe the layering of network protocols, and much networking terminology derives from the OSI protocol suite. A few remnants of OSI are still in use; for example, LDAP, which is a derivation and simplification of X.500, and IS-IS, which was designed as an OSI routing protocol and was adapted to TCP/IP networks.


OSI Model

[Figure: the seven OSI layers, top to bottom: Application, Presentation, Session, Transport, Network, Data Link, Physical, grouped into Upper Layers and Lower Layers]

The OSI reference model represents a logical way of organizing how networks talk to each other so that all hardware and software vendors have an agreed-upon framework to develop networking technologies. By providing and using this model, the ISO has accomplished the following:

Simplifies complex procedures into an easy-to-understand structure

Allows vendors to interoperate

Provides the ability to isolate problems from one layer that may be passed to other areas

Allows a modular plug-and-play functionality

Provides an independent layer design

The OSI model is represented by the seven layers depicted in the figure above. These layers may be grouped into two main areas, defined simply as the upper and lower layers.

Although a single device (for example, a UNIX workstation) can execute all seven layers, this is not practical in real networks. The amount of traffic that needs to be moved through modern networks requires purpose-built devices that handle various layer functions. Two such examples are bridges, which are purpose-built for layer 2 operation, and routers, which are purpose-built for layer 3 operation.


TCP/IP Suite vs. OSI

[Figure: the four TCP/IP suite layers (Application Services, Transport, Internet Protocol, Network Interfaces) shown beside the seven OSI layers (Application, Presentation, Session, Transport, Network, Data Link, Physical)]

The TCP/IP suite differs from the OSI model in that the TCP/IP suite uses four protocol layers and the OSI model uses seven layers. The figure above roughly shows the protocol layer relationship between the two models.

Network Interfaces — This layer is used to define the interface between hosts and contains the functionality of both the physical and data link layers of the OSI model. Protocols such as Ethernet describe both the framing of data (layer 2) and the physical transmission of the frame over the media (layer 1). This layer is often referred to as layer 2 or L2 because it provides OSI layer 2-type services to the IP layer.

Internet Protocol — The IP layer provides a universal and consistent forwarding service across a TCP/IP network. IP provides services comparable to the OSI network layer and is sometimes referred to as a layer 3 (or L3) protocol. The OSI protocol CLNP corresponds most closely to IP.

Transport — The transport layer comprises two main protocols, TCP and UDP. These transport protocols provide similar services to the OSI transport protocols. TCP is very similar to the OSI transport protocol, TP4. TCP and UDP may be referred to as layer 4 protocols.

Application Services — The application services provide end-user access to the Internet. Any of the services of the upper three OSI protocols that are required are incorporated into the application protocols. There are a number of Internet protocols that provide services similar to these OSI layers, although they do not follow the layering or service definitions of OSI. For example, TLS provides session-like services to Internet applications and MIME provides presentation-like services to SMTP and HTTP. Application layer protocols are sometimes referred to as layer 7 protocols.


OSI Overview

Section 2 — Network Devices


Network Devices — Examples

[Figure: network device icons: switch, router, hub, repeater]

The figure above shows some different network devices. The major difference between them is the OSI layer that each of the devices operates at.

L1 Physical Layer — With regard to the figure above, the repeater and the hub are considered to be layer 1 devices. These devices normally have no intelligence. The devices simply take whatever traffic comes in and send it out with no decision-making.

L2 Data Link Layer — In the figure above, the switch is the layer 2 device. The switch makes intelligent forwarding decisions based on the data link address, whether it be a MAC address, VPI/VCI, or DLCI. An Ethernet switch also dynamically learns the MAC addresses of the hosts in its LAN. Data on a switch is divided into collision domains (a port on a switch represents a single collision domain). However, the switch and all its ports reside in one broadcast domain.

L3 Network Layer — The most common layer 3 device is a router. The router makes intelligent forwarding decisions based on the network layer address. As in a switch, each port on a router is a single collision domain. However, each port on a router is also a single broadcast domain. Therefore, traffic crossing from one broadcast domain to another broadcast domain must go through a router.


Layer 1 Devices

• A repeater retransmits the Ethernet signal down a wire and amplifies it to be used again. The repeater extends the reach of Ethernet in a LAN.
• A hub works exactly like a repeater, with the exception that it functions less as a distance extender and more like a port concentrator of several hosts in one physical area.

[Figure: hub and repeater icons]


Layer 1 Devices — Repeater

• Connects network segments
• Retimes and regenerates signals to proper amplitudes
• Disadvantage — propagation delay due to broadcasting
• Disadvantage — physical limit to the number of repeaters used

[Figure: repeater]


Layer 1 Devices — Hub

• A single Ethernet segment device that can operate at 10/100/1000 Mb
• Can act as a repeater
• Disadvantage — Same as repeater
• Used in small home networks or isolated segments in larger networks

[Figure: hub]


Bridging and Bridges

• Bridging is a layer 2 (L2) concept. Bridging is primarily associated with Ethernet.
• A bridge (or switch) operates at L2 of the OSI model.
• A bridge is an intelligent device that does an L2 address lookup.

[Figure: OSI model stack (Application, Presentation, Session, Transport, Network, Data Link, Physical) with the bridge shown as an L2 network device]


Switches

• A switch is a multiple Ethernet segment device that can have dedicated 10/100/1000 Mb ports.
• Traffic in isolated segments is “switched” via a high-speed, bandwidth-dedicated backplane called a “fabric”.
• The majority of modern switches function in store/forward.

[Figure: switch, an L2 network device]

A store/forward switch requires the whole Ethernet frame (packet) to be received before it can be forwarded. Although this may suggest higher network latencies due to larger frame sizes, high-speed switching hardware and interfaces mean that this is usually not a problem.


L3 Devices — Routers

Routing

• A router, unlike a bridge, operates up to L3 of the OSI model.
• A router connects two different network segments.

[Figure: OSI model stack (Application, Presentation, Session, Transport, Network, Data Link, Physical) with the router shown as an L3 network device]

Basic router functions:
• Examine the IP header of the incoming packet for the destination IP address
• Look up this address in its routing table
• Determine the best path to the destination IP address
• Determine the egress interface for the above path
• Forward the data out of this egress interface


L2 Encapsulations

[Figure: L2 encapsulations. The same DATA, TCP/UDP and IP payload is shown carried in Ethernet, POS, PPP and ATM frames as it crosses an Ethernet switch, routers, a PPP switch and an Ethernet/ATM switch; interfaces are numbered 1 to 10.]

Encapsulated data enters the ingress Ethernet switch on the top left via Ethernet interface 1 and leaves the switch via interface 2. Because both the ingress and egress interfaces for the Ethernet switch are Ethernet line cards, the Ethernet switch simply transmits the Ethernet frame, unchanged, out the egress interface. The data frame is still referred to as an Ethernet frame or layer 2 frame.

When the L2 frame reaches the router at interface 3, the router strips off the Ethernet header, looks into the next encapsulation, which is the IP header, and forwards the frame based on the IP header only via interface 4.

Basic router functions:

1. Examine the IP header of the incoming packet for the destination IP address.

2. Look up this address in its routing tables.

3. Determine the best path described in the routing table for the destination IP address.

4. Determine the egress interface for the above path.

5. Forward the data out of this egress interface.

If the next router decides to forward this data packet out of interface 6, egress interface 6 of the router encapsulates the IP frame with a PPP header, because this interface is connected to a PPP-based L2 switch, and sends the data to the PPP device.

If the router decides to forward the data packet via interface 7, to the next router and then out to interface 8, the egress interface at 8 would add an ATM header to the IP frame because it is connected to ATM interface 9 on the Ethernet/ATM switch.

Note: Although only the IP header is relevant during the routing of the data packet, the data packet is encapsulated at router interfaces 4, 5, and 7 by the appropriate L2 headers.
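The walkthrough above can be followed in code. This is an added example, not part of the original course material: a toy model in which each router strips the ingress L2 header, does a longest-prefix match on the destination IP address, and re-encapsulates for the egress link. The interface numbers and the PPP and ATM links follow the text; the prefixes, router names and the L2 type used on interfaces 4 and 7 are assumptions made for the example.

```python
import ipaddress


class Router:
    """Toy L3 device: forwards on the destination IP address only."""

    def __init__(self, name, routes):
        # routes: (prefix, egress interface number, L2 type of the egress link)
        self.name = name
        self.table = [(ipaddress.ip_network(p), ifc, l2) for p, ifc, l2 in routes]

    def lookup(self, dst):
        """Steps 2-4: the longest matching prefix is the best path and names the egress interface."""
        addr = ipaddress.ip_address(dst)
        matches = [entry for entry in self.table if addr in entry[0]]
        return max(matches, key=lambda e: e[0].prefixlen) if matches else None

    def forward(self, frame):
        """Steps 1-5 for one frame. Returns (egress interface, new frame), or None if no route."""
        packet = frame["payload"]           # strip the ingress L2 header
        route = self.lookup(packet["dst"])  # step 1: read the destination from the IP header
        if route is None:
            return None
        _, ifc, l2 = route
        return ifc, {"l2": l2, "payload": packet}  # step 5: new L2 header for the egress link


def switch_forward(frame, egress_ifc):
    """Ethernet in, Ethernet out: the L2 switch transmits the frame unchanged."""
    return egress_ifc, frame


# Constructed topology. Interfaces 6 (PPP) and 8 (ATM) are as described in the text;
# the prefixes and the Ethernet type on interfaces 4 and 7 are assumed.
R1 = Router("R1", [("0.0.0.0/0", 4, "ETHERNET")])
R2 = Router("R2", [("10.0.0.0/8", 7, "ETHERNET"), ("10.6.0.0/16", 6, "PPP")])
R3 = Router("R3", [("10.8.0.0/16", 8, "ATM")])
NEXT_ROUTER = {4: R2, 7: R3}  # router at the far end of each router-to-router link


def trace(dst):
    """Follow one packet from the ingress switch; returns (hops, final frame)."""
    frame = {"l2": "ETHERNET", "payload": {"dst": dst, "l4": "TCP", "data": b"hello"}}
    ifc, frame = switch_forward(frame, 2)
    hops = [("switch", ifc, frame["l2"])]
    router = R1
    while router is not None:
        result = router.forward(frame)
        if result is None:
            hops.append((router.name, None, None))  # no matching route: packet is dropped
            break
        ifc, frame = result
        hops.append((router.name, ifc, frame["l2"]))
        router = NEXT_ROUTER.get(ifc)  # None once the packet leaves towards a switch
    return hops, frame


if __name__ == "__main__":
    for dst in ("10.6.1.1", "10.8.1.1", "192.0.2.1"):
        hops, _ = trace(dst)
        print(dst, hops)
```

The IP packet inside the frame is the same object at every hop; only the L2 wrapper changes, which is the point of the note above.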


Module Summary

• The TCP/IP and OSI protocol suites provide a common framework to allow the interworking of diverse network hardware and computer systems
• The TCP/IP protocol suite has 4 layers:
  • Application Services
  • Transport
  • Internet Protocol
  • Network Interfaces


Module Summary (cont’d)

• OSI protocol suite has 7 layers:
  • Application
  • Presentation
  • Session
  • Transport
  • Network
  • Data Link
  • Physical
• Routers are layer 3 devices, switches are layer 2 devices and hubs & repeaters are layer 1 devices
• At each layer of the TCP/IP or OSI suite data is encapsulated in the appropriate format


Learning Assessment

1. Which of the following applications fall under the application layer of the OSI model? (Select all that apply)
A. MS Word
B. Telnet
C. Notepad
D. FTP

2. Which layer is responsible for providing reliable communications?
A. Session
B. Application
C. Physical
D. Transport
E. Network
F. Data link
G. Presentation


Learning Assessment (continued)

3. Which of the following devices operate at the physical layer? (Select all that apply)
A. Router
B. Repeater
C. Hub
D. Switch

4. Which of the following are layer 2 encapsulations? (Select all that apply)
A. ATM
B. PPP
C. IP
D. Ethernet


www.alcatel-lucent.com

3HE-02767-AAAA-WBZZA Edition 01


Alcatel-Lucent Scalable IP Networks

Module 2 — 7x50 SR/ESS Components and CLI


Module Objectives

After successful completion of this module, you should be able to:

• Understand the hierarchical structure of the 7x50 CLI
• Understand basic CLI commands
• Understand the concepts of configuring the hardware of the 7x50 product line
• Understand the physical access options of the 7x50
• Understand basic system configuration
• Understand the purpose of the BOF


7x50 SR/ESS Components and CLI

Section 1 — Hardware Configuration


Alcatel 7450 Ethernet Service Switch Group

ESS-1
• Integrated switch fabric/control, IOM, and power
• 20 Gb/s full duplex system capacity
• Two 10 Gb/s MDAs
• Over-subscription of some MDAs available
• Power redundancy

ESS-7
• 7 Slots (5 IOM, 2 SF/CPM)
• 100 Gb/s full duplex system capacity
• 200 Gb/s switch fabric/control
• Fabric/control redundancy
• Five 20 Gb/s IOMs
• Ten 10 Gb/s MDAs
• Over-subscription of some MDAs available
• Power redundancy

[Figure: ESS-1 and ESS-7 chassis with slot and MDA numbering]


Alcatel 7450 Ethernet Service Switch Group

ESS 12
• 10 Slots (10 IOM, 2 SF/CPM)
• 400 Gb/s full duplex system capacity
• 400 Gb/s switch fabric/control
• Fabric/control redundancy
• Ten 20/40 Gb/s IOMs
• Over-subscription of some MDAs available
• Power redundancy

ESS 6
• 6 Slots (4 IOM, 2 SF/CPM)
• 80 Gb/s full duplex system capacity
• 80 Gb/s switch fabric/control
• Fabric/control redundancy
• 4 10/20 Gb/s IOMs
• Over-subscription of some MDAs available
• Power redundancy


Alcatel 7750 Service Router Family

• Three chassis options – 1, 7, and 12 slots
• Carrier-class reliability combined with high density in a small footprint
• System capacities scalable from 20 Gb/s to 200 Gb/s
• Modular design for the SR-7 and SR-12 – removable IOM, SF/CPM, and MDAs
• Common operating system

[Figure: SR-1, SR-7 and SR-12 chassis with slot and MDA numbering]


Alcatel 7750 SR SF/CPM Cards

Redundant SF/CPMs supported on SR7 and SR12


Alcatel 7750 SR IOM, MDAs, and SFPs

Small Form-Factor Pluggable (SFP) optics

2 MDAs per IOM

10 IOMs per SR-12

5 IOMs per SR-7

IOMs and MDAs are hot-swappable

IOM - Input/Output Module

IOMs are hot-swappable modules responsible for connecting to standard physical interfaces. Each IOM contains two 10 Gbps traffic-processing programmable fast path complexes. Each complex supports a pluggable Media Dependent Adapter (MDA) that allows a common programmable fast path to support all of the possible interface types. The IOM also contains a CPU section for managing the forwarding hardware in each flexible fast path.

MDA - Media Dependent Adapters

MDAs provide one or more physical interfaces, such as Ethernet, ATM or SONET/SDH. MDAs pass incoming packets to the IOM for processing, and transmit outgoing packets out the appropriate physical interface in the correct format.

SFP – Small Form Factor Pluggable interfaces

SFP transceivers are small optical modules available in a variety of formats.


Alcatel 7x50 Service Router System Components

[Figure: 7x50 system components: I/O Modules, each with a CPU, Flexible Fast Path Complexes (FFPC) and Media Dependent Adapters (MDA), connected to the SF/CPM Module (switch fabric, control plane, CPU)]

Data plane operation

Data coming in from the remote network or customer site ingresses through the Media Dependent Adapters, where the data is converted to an internal format. The data is then processed in the I/O module, where the switching decision is made (L2/L3 forwarding information lookup), and the data packets are sent to the switch fabric. The switch fabric then forwards the data to the appropriate IOM, from where it is sent to the appropriate MDA.

The data plane operation happens after the control plane has built the forwarding information and stored it in the IOM.

Control plane operation

Control messages ingress the 7x50 in a manner similar to the data packets, except they are processed further by the control plane.


Comparisons between the 7450 ESS and 7750 SR

7450 Ethernet Service Switch
• Purpose: Primarily designed to support Ethernet aggregation services
• Platforms: ESS-1, ESS-6, ESS-7 and ESS-12
• Redundancy (Pwr/Control): ESS-6,7 and ESS-12
• MDA Type: Ethernet, POS

7750 Service Router
• Purpose: Support Ethernet, ATM, Frame relay and VPRN services
• Platforms: SR-1, SR-7, SR-12
• Redundancy (Pwr/Control): SR-7 and SR-12
• MDA Type: All Ethernet, ATM, POS, DS3/OC3 channelized


7x50 SR/ESS Components and CLI

Section 2 — CLI Commands


Command Line Interface

• Alcatel’s 7750 SR CLI is a command-driven interface accessible through the console, Telnet and SSH. The CLI is used for configuration and management of 7750 SR routers.
• The CLI command structure is a hierarchical inverted tree.
• The highest level is root.
• Navigation down the hierarchy tree is performed by typing the names of submenus.
• Global commands can be used anywhere in the hierarchy.

The Alcatel 7750 SR CLI is a command-driven interface accessible through the console, Telnet and SSH. The CLI can be used for the configuration and management of 7750 SR routers.

The 7750 SR CLI command tree is a hierarchical inverted tree. At the highest level is root. Below root are other levels with the major command groups; for example, configuration commands and show commands are levels below root.

To move up in the hierarchy, enter the command node name (sometimes a parameter must be provided).

Navigate down the tree by typing the name of the successively lower contexts. For example, typing ‘configure’ or ‘show’ at the root level navigates down to the ‘configure’ or ‘show’ context, respectively. Global commands, such as back, exit, info, and tree, can be entered at any level in the CLI hierarchy.

Sometimes a context can be entered with a single keyword, such as:

SR>config# router

SR>config>router#

Sometimes a keyword and a user-supplied identifier are required:

SR>config>router# interface system

SR>config>router>if#

Viewing the CLI Tree Structure

You can view the hierarchical CLI command structure below your current position with the tree and tree detail commands.

Displaying Configuration Contexts

Use the info and info detail commands to display information about the current context level.

info displays non-default information

info detail displays all configuration information, including defaults


CLI Command Prompt

Example of configuring OSPF:

SR1>config>router>ospf#

Example of creating a new router interface:

SR1>config# router interface Toronto

SR1>config>router>if$ address 131.131.131.1/30

[Figure callouts: host name (SR1), context separator]

At the end of the prompt, there is either a pound symbol (#) or a dollar symbol ($). A # symbol at the end of the prompt indicates that the context is an existing context. A $ symbol at the end of the prompt indicates that the context has been newly created.


Command Completion

Command completion can be achieved by:

1. Abbreviation, if the keystrokes entered are unique.

SR1>config>router>os [ENTER]

SR1>config>router>ospf#

2. Tab Key or Space Key to automatically complete the command.

SR1>config>router>os [TAB]

SR1>config>router>ospf

SR1>config>router>os [SPACEBAR]

SR1>config>router>ospf

If a match is not unique, the CLI displays possible matches:

SR1>config# ro [TAB]

router router-ipv6

SR1>config# router

The system maintains a history of previously entered commands. The history command displays the previous 30 commands entered.
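The abbreviation and completion rule described above, as an added example that is not code from the course or from the router software: a resolver that expands abbreviated keywords to their full names per context, which is also what is needed to normalize abbreviated commands before comparing them, for instance in command logs. The tree is a constructed subset using only keywords shown on this page, user-supplied identifiers such as interface names are not modelled, and the function names are hypothetical.

```python
# Constructed subset of the command tree, using only keywords that appear on this page.
TREE = {
    "configure": {
        "router": {
            "interface": {},
            "ospf": {
                "area": {
                    "area-range": {},
                    "blackhole-aggregate": {},
                    "interface": {"advertise-subnet": {}},
                },
            },
        },
        "router-ipv6": {},
    },
    "show": {},
}

# Short forms used in the prompts shown on this page (config, if).
PROMPT_NAME = {"configure": "config", "interface": "if"}


class Ambiguous(Exception):
    """An abbreviation matches more than one keyword in the current context."""

    def __init__(self, token, matches):
        super().__init__(f"{token!r} is not unique: {' '.join(matches)}")
        self.matches = matches


def node_at(path):
    """Return the subtree for a context given as a sequence of full keywords."""
    node = TREE
    for key in path:
        node = node[key]
    return node


def candidates(token, path=()):
    """Keywords in the context that start with token: what [TAB] would list."""
    return sorted(k for k in node_at(path) if k.startswith(token))


def expand(token, path=()):
    """Expand one typed token to a full keyword, or raise if unknown or not unique."""
    if token in node_at(path):  # an exact keyword is accepted even if it prefixes another
        return token
    matches = candidates(token, path)
    if not matches:
        raise KeyError(f"no command {token!r} in this context")
    if len(matches) > 1:
        raise Ambiguous(token, matches)
    return matches[0]


def resolve(line, path=()):
    """Expand every token of a command line, descending one context per token."""
    path = list(path)
    for token in line.split():
        path.append(expand(token, path))
    return path


def prompt(host, path):
    """Build the prompt for an existing context, e.g. SR1>config>router>ospf#."""
    return host + "".join(">" + PROMPT_NAME.get(k, k) for k in path) + "#"


if __name__ == "__main__":
    print(prompt("SR1", resolve("config router os")))
    print(candidates("ro", ("configure",)))
```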


CLI Navigation

Console Control Commands

Console control commands are used for navigating a CLI session and displaying information about a console session. The following is a list of some of the more commonly used global commands (see next page for additional commands):

<Ctrl-c> Aborts the pending command

<Ctrl-z> Terminates the pending command line and returns to the root context

echo Echoes the text that is typed (primary use is to display messages in an exec file)

When you enter a CLI command, you move from one command level to another. When you start a CLI session, you begin in the root context. Navigate to another level by entering the name of successively lower contexts. For example, enter either the configure or show commands at the root level to navigate to the config or show context, respectively.

Other navigation methods include:

Move down the hierarchy by entering the level; for example, config.

Move up one level in the hierarchy by entering the keyword back.

Move several levels down in the hierarchy by entering multiple contexts separated by spaces. For example: #config router ospf

See Console Control Commands below for explanations of exit, exit all and <Ctrl-z>.

Some contexts are specified with a single keyword, such as router, and others require a keyword and a user-supplied identifier such as interface interface-name.

Console Control Commands

Console control commands are used for navigating in a CLI session and for displaying information about a console session. Many of these commands are global commands, which means they can be executed at any level of the CLI hierarchy.

The following are some of the more commonly used global commands (see the next page for additional commands):

<Ctrl-c> Aborts the pending command

<Ctrl-z> Terminates the pending command line and returns to the root context

— This is a special keyboard sequence that acts like pressing the <Enter> key and entering exit all to return the user to the root context.

back Navigates the user to the parent context

echo Echoes the text that is typed (primary use is to display messages within an exec file)

exec Executes the contents of a text file as if they were CLI commands entered at the console

exit Returns the user to the previous higher context

exit all Returns (moves up) the user to the root context

help Displays a brief description of the help system

? Lists all commands in the current context

history Displays a list of the most recently entered commands (like history in UNIX shell environments)

info Displays the running configuration for a configuration context


CLI Navigation (continued)

back Brings you back one context

exit all Brings you back to the root level

up/down arrow Lists previous command(s) to be repeated

tree Shows available commands from context

SR1>config>router>ospf# tree
ospf
|
+---area
|   |
|   +---area-range
|   |
|   +---blackhole-aggregate
|   |
|   +---interface
|   |   |
|   |   +---advertise-subnet
|   |   |


CLI Navigation (continued)

The shutdown command can be used to disable protocols and interfaces. The no form of any command may have one of two results:

• The removal from the configuration (for example, no ospf).
• Reset to default settings (for example, config>ospf>area>interface>no hello-interval).

The shutdown command does not change, reset, or remove any configuration settings or statistics. Many objects must be shut down before they can be deleted. A shutdown is saved in the configuration file. All ports are shut down by default when the system is first powered on.

To restore the settings after issuing a no command, you must reconfigure the router, reboot from a configuration file that has the correct configuration, or do an exec command on a configuration file that contains the correct settings. You can use an exec command to process a configuration file and restore the configuration stored in the file.


CLI Global Commands

info Provides info on the configuration

logout Terminates the CLI session

oam OAM test suite (see the Service OAM section of the 7750 SR OS Services Guide)

password Changes the user CLI login password. Note: Not a global command; must be entered at the root level.

ping Verifies the reachability of a remote host

pwc Displays the present or previous working context of the CLI session

sleep Causes the console session to pause operation (sleep) for 1 second or for the specified number of seconds (primary use is to introduce a pause during the execution of an exec file)

ssh Opens a secure shell connection to a host

telnet Telnet to a host

traceroute Determines the route to a destination address

tree Displays a list of all commands at the current level and all sublevels

write Sends a console message to a specific user or to all users with active console sessions

Refer to the 7750 SR OS System Guide for detailed information about CLI commands and navigation.


CLI Environment Commands

alias Enables the substitution of a command line by an alias

create Enables the create parameter check

more Configures whether CLI output should be displayed 1 screen at a time, awaiting user input to continue

reduced-prompt Configures the number of higher-level CLI context levels to display in the CLI prompt

terminal Configures the terminal screen length for the current CLI session

time-display Specifies whether time should be displayed in local or UTC format

CLI environment commands are used to customize session preferences for a single CLI session.

Refer to the 7750 SR OS System Guide for detailed information about CLI commands and navigation.


Finding Help

Help Displays a brief description of the help system

? Lists all commands in the current context

string ? Lists all commands available in the current context that start with string

command ? Displays the command’s syntax and associated keywords

command keyword ? Lists the associated arguments for keyword in command

string <Tab> or string <Space> Completes a partial command name (auto-completion) or lists available commands that match string

Help Edit Displays help on editing (editing keystrokes). Lists the available editing keystrokes.

Help Globals Displays help on global commands. Lists the available global commands.

The tree and tree detail system commands are help commands that are useful when you search for a command in a lower-level context.

Refer to the 7750 SR OS System Guide for detailed information about CLI commands and navigation.


File System CLI Context

• The file system is DOS based and is used to store the software image, configuration files and event logs
• File commands can be used to create, copy, move, remove files and directories

[Figure: the file context below root, with the commands attrib, cd, copy, delete, dir, md, move, rd, scp, type, version]

delete Deletes the specified file. The optional wildcard (*) can be used to delete multiple files that share a common (partial) prefix and/or (partial) suffix.

move Moves a local file, system file, or a directory. If the target already exists, the command fails and an error message displays.

scp Copies a file from the local file system to a remote host on the network. scp uses ssh for the data transfer, and uses the same authentication and provides the same security as ssh.

type Displays the contents of a text file.

version Displays the version of a 7750 SR OS cpm.tim or iom.tim file.


7x50 SR/ESS Components and CLI

Section 3 — Boot Process


Basic Boot Up components

• Uses a Boot Option File (BOF) to start the system
• Stored in the compact flash CF3
• Other components required for startup:
  • Boot loader
  • BOF configuration file
  • TiMOS-m.n.Y.Z software image file
  • Default config file

Basic Operating System

The 7750 SR does not use a BOOT PROM to start the system; instead, it uses a Boot Option File (BOF).

Each new system is shipped with a Compact Flash (CF) card that contains the files required to start a 7750 SR system. The system files are stored on CF3 and that is where the system looks for the files when initializing.

The CF3 card contains the following directories and files located off of the root directory:

Boot.ldr

This file contains the system bootstrap image.

Bof.cfg

The Bof.cfg file is user configurable and contains information such as:

• Management port IP address
• Location of the image files (primary, secondary, and tertiary)
• Location of the configuration files (primary, secondary, and tertiary)

TiMOS-m.n.Y.z

This is a directory that is named according to the major and minor software release, type of release and version.

For example, if the software release is Version 1.2 of a released software version, the name would be:

TiMOS 1.2.R.0

On an SR7 and SR12, this directory contains two files, cpm.tim and iom.tim, for the SF/CPM and IOM cards respectively. Since the SR-1 has an integrated fabric/control and I/O, there is only one file, named both.tim.

Config.cfg

This file is the default configuration file. The default configuration file is very basic and provides just enough information to make the system operational.

You can create other configuration files and point the system to them using the bof.cfg file.


Software Release Media

[Figure: contents of the software release media]

Root
  boot.ldr (Bootstrap Image)
  bof.cfg (Boot Option File)
  config.cfg (Default Configuration File)
  TiMOS-m.n.Y.z
    cpm.tim (CPM Image File)
    iom.tim (IOM Image File)

m Major release number
n Minor release number
Y Release type:
  A Alpha Release
  B Beta Release
  M Maintenance Release
  R Released Software
  I Internal Engineering and Test Release
z Version number


System Initialization

[Figure: system initialization flowchart. Boxes: Start; load and execute the bootstrap loader (cf3:\boot.ldr); process the boot option file (cf3:\bof.cfg); initialize hardware; wait required?; user intervention point (user activity detected); get runtime image (3 possible locations); image OK?; startup failed; get config (3 possible locations); config found?; boot with defaults; need persistence?; process persistence and configuration files; persistence file processed OK?; process config file; config file processed OK?; SNMP shutdown, issue trap (if possible), issue log entry, issue console message; login prompt.]

The configuration file includes chassis, IOM, MDA, and port configurations, as well as system, routing and service configurations.

Persistence

You can configure the BOF to turn persistence on or off (the default is off). Persistence is required if the 7450 is managed by the 5620 SAM network manager. When persistence is turned on, the 7450 SR creates an index file with the same file prefix name as the current configuration file. The index file contains variable index information (interface indexes, LSP IDs, path IDs, etc.). The index file is built dynamically by the 7450 operating system and does not contain configuration information entered by users. The index file is saved whenever the system configuration file is saved.

The index file ensures that the 5620 SAM has the same index data as the 7450 ESS node after a system reboot. If a 7450 reboots and the indexes stored on the SAM do not match the node indexes, a complete re-synchronization between the node and the SAM takes place automatically. This can be a very time-consuming and processor-intensive operation.

If a node reboots with persistence turned on, it must locate the persistence index file and successfully process it before processing the system configuration file.

If the index file cannot be processed for some reason, the system performs an SNMP shutdown (Get and Set functionality is disabled); however, traps continue to be issued. The system issues traps, log messages, and console messages to advise the user. A no shutdown of SNMP is required to reactivate full SNMP functionality.

Boot Options File

Stores parameters that specify the location of the image filename that the router will try to boot from and the configuration file that the router uses to configure the applications and interfaces

The most basic BOF configuration should have the following:

Primary address
Primary image location
Primary configuration location

BOF Parameters

Boot Option File

Alcatel 7750 SR uses the BOF file to perform the following tasks:

1) Set up the CPM Ethernet port (speed, duplex, auto)
2) Create an IP address for the CPM Ethernet port
3) Create a static route for the CPM Ethernet port
4) Set the console port speed
5) Configure the DNS domain name
6) Configure primary, secondary, tertiary configuration source
7) Configure primary, secondary, tertiary image source
8) Configure persistence requirements

Always be sure to save the BOF!

Parameters that are configured in the BOF are shown in the chart above. Configuration of the BOF is done in the BOF CLI context.

Sample BOF file commands:

SR-1# bof cf3 # Change or create a bof file on media cf3

SR-1>bof# address 10.10.10.2/24 primary # Change or create the CPM Ethernet Port IP address (must be entered from console)

SR-1>bof# speed 100 # Set the CPM Ethernet Port speed to 100 Mbps.

SR-1>bof# primary-image cf3:/TIMOS.1.0.R0 # Set the primary image directory

SR-1>bof# primary-config cf3:/test.cfg # Set the primary configuration file to be test.cfg

SR-1>bof# save # Saves the bof

Show Commands:

SR-1>show bof # Displays the in-memory bof file (last used)

Show BOF

A:sr1a# show bof
===============================================================================
BOF (Memory)
===============================================================================
    primary-image cf3:\4.0.R9
    primary-config cf3:\test\test_sr1a.cfg
    address 138.120.199.60/24 active
    autonegotiate
    duplex full
    speed 100
    wait 3
    persist on
    console-speed 115200
===============================================================================

The slide above shows the information that is contained in the boot options file. The primary image location is one of the most important items in the BOF. If the router cannot find an image, it will remain in the boot cycle forever.

In this example, the primary configuration is located in CF1. Therefore, when the router reboots, it goes to CF1, gets the configuration that is specified in the BOF, and loads the router with that configuration. In addition, after the primary configuration location has been defined, every time the operator inputs the command admin save, the current configuration is saved to the primary configuration file.

The address that is referred to in the slide above is the address of the management port on the CPM. Notice the console speed; this is the default speed of the RS-232 port on the CPM. This speed can be changed here in the BOF.

Setting the CPM Ethernet Port Address

Use the following command to assign an IP address to the active CPM in the running configuration and the BOF, or to the standby CPM for systems that use redundant CPMs.

SR1# bof ↵

SR1>bof# address <xxx.xxx.xxx.xxx/xx> ↵
(or, e.g., SR7>bof# address <xxx.xxx.xxx.xxx/xx> <active|standby> ↵)

SR1# show bof ↵

Compact Flash

Each Control/Switch processor on a 7x50 product can have 3 compact flashes: cf1:, cf2:, cf3:
Flash size can be 256M, 512M, 1G and 2G
By default the system startup looks for the boot.ldr file in cf3
cf3 can store the runtime image, the running configuration
Requires a shutdown of the compact flash before removing it
Compact flash 1 and 2 can be used to store debug/accounting logs

7x50 SR/ESS Components and CLI

Section 4 — Basic Router Configuration

Physical Access

[Figure: physical access points on the SR-1 and on the SF/CPM (Switch Fabric/Control Processor Module) card common to the SR-7 and 12: the out-of-band CPM management Ethernet port, the CPM console port, and the in-band customer-facing access ports and network ports, which are located on MDAs.]

The 7750 SR can be accessed in three ways:

In-band ports — These are access ports and network ports on MDAs.

Console port — A DB-9 serial port; this port is enabled by default. The default settings are:

Baud Rate: 115,200

Data Bits: 8

Parity: None

Stop Bits: 1

Flow Control: None

CPM Ethernet port — A 10/100 Ethernet management port.

Initial System SETUP

The following steps are typically used to configure a system from start-up:

Log in to the SR/ESS using console input
Configure the system name and change the admin user password
Configure the CPM Ethernet management IP address
Configure additional BOF parameters
Configure IOM cards
Configure MDA cards
View alarms
Configure the system address
Configure logs if required
View the entire running config

Initial System SETUP (cont’d)

Set the system name

>config>system# name SR-1

Configure the CPM Ethernet port IP address

SR-1# bof

SR-1>bof# address 10.1.1.1/32

SR-1>bof# save

SR-1>bof# exit

Change admin user password

SR-1# password
Enter current password:
Enter new password:
Re-enter new password:

Basic System Management Configuration

Some basic configuration on the 7750 SR is required before putting it into service:

System name
Change admin password
CPM Ethernet management port IP address
Configure IOMs, MDAs, and ports

System Name

The system name can be any ASCII printable string of up to 32 characters. The system name is configured in the config CLI context. If the name contains spaces, it must be enclosed in double quotes to delimit the start and end of the name. The system name becomes part of the CLI prompt.

Passwords

The default login and password is admin. This password should be changed before your router is put into service.

The system automatically creates at least one admin user (the default) and must retain at least one admin user unless you are using an external protocol such as RADIUS or TACACS+ to provide authentication.

You can configure the following password parameters:

Aging — The maximum number of days (1 to 500) that a password remains valid before the user must change it. The default is no aging enforced.

Attempts — The number of unsuccessful login attempts allowed in a specified time period. If the configured threshold is exceeded, the user is locked out for a specified time.

Count: 4
Time (minutes): 10
Lockout (minutes): 10

In the example above, a user is locked out for 10 minutes if 4 unsuccessful login attempts occur in a 10-minute period.

Authentication Order — You can configure the order in which password authentication is attempted among RADIUS, TACACS+, and local methods.

Complexity — You can use this parameter to specify if passwords must contain upper- and lowercase characters, numeric, and special characters.

Minimum Length — You can specify the minimum number of characters (1 to 8) required for a password.
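
How the Attempts parameters above interact, using the Count 4 / Time 10 / Lockout 10 values from the example. This is an added Python illustration, not SR OS code: the LoginGuard class, the constructed event list, and the rule that a successful login resets the failure count are assumptions made for the example.

```python
from collections import defaultdict, deque

# Values from the example in the text: 4 failures within 10 minutes lock the
# user out for 10 minutes.
COUNT, WINDOW_MIN, LOCKOUT_MIN = 4, 10, 10


class LoginGuard:
    """Tracks failed logins per user; times are minutes since an arbitrary start."""

    def __init__(self, count=COUNT, window=WINDOW_MIN, lockout=LOCKOUT_MIN):
        self.count, self.window, self.lockout = count, window, lockout
        self.failures = defaultdict(deque)   # user -> times of recent failures
        self.locked_until = {}               # user -> minute the lockout ends

    def attempt(self, user, now, password_ok):
        """Return 'ok', 'fail' or 'locked' for one login attempt."""
        if now < self.locked_until.get(user, 0):
            return "locked"                  # refused even with the right password
        if password_ok:
            self.failures[user].clear()      # assumption: success resets the count
            return "ok"
        recent = self.failures[user]
        recent.append(now)
        while now - recent[0] >= self.window:
            recent.popleft()                 # forget failures older than the window
        if len(recent) >= self.count:
            self.locked_until[user] = now + self.lockout
            recent.clear()
            return "locked"
        return "fail"


# Constructed sample events: (minute, user, password_ok).
SAMPLE_EVENTS = [
    (0, "admin", False),
    (0, "ops", False),
    (2, "admin", False),
    (4, "ops", False),
    (5, "admin", False),
    (8, "ops", False),
    (9, "admin", False),   # 4th failure inside 10 minutes: lockout starts
    (12, "admin", True),   # correct password, still refused during the lockout
    (15, "ops", False),    # only two failures fall inside the window: no lockout
    (19, "admin", True),   # lockout has expired
]


def replay(events):
    """Run the events through a fresh guard and return the result of each one."""
    guard = LoginGuard()
    return [guard.attempt(user, minute, ok) for minute, user, ok in events]


if __name__ == "__main__":
    for (minute, user, ok), result in zip(SAMPLE_EVENTS, replay(SAMPLE_EVENTS)):
        print(f"t={minute:>2} min  {user:<5}  password_ok={ok!s:<5}  -> {result}")
```

Failed attempts that never reach the threshold do not lock the user out, so they are only visible in the security log stream.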

Show Card

A:sr1a# show card 1

===============================================================================
Card 1
===============================================================================
Slot  Provisioned  Equipped   Admin  Operational
      Card-type    Card-type  State  State
-------------------------------------------------------------------------------
1     iom-20g-b    iom-20g-b  up     up
===============================================================================

Show Card

The slide above shows the output of a show card command. The output shows that the card slot is configured to support all IOMs. The next columns show which card the slot is configured to accept and then which card is actually installed in the slot. These two entries must match. Finally, the administrative and operational states should both be up.

Show MDA

A:sr1a# show mda

===============================================================================
MDA Summary
===============================================================================
Slot  Mda  Provisioned   Equipped      Admin  Operational
           Mda-type      Mda-type      State  State
-------------------------------------------------------------------------------
1     1    m5-1gb-sfp-b  m5-1gb-sfp-b  up     up
      2    m16-oc3-sfp   m16-oc3-sfp   up     up
===============================================================================

Show MDA

The slide above shows the output of a show mda command. The output shows the card slot that is being referenced, in this case card 1, and then the MDAs that are supported by the IOM in card slot 1. In this case, all MDAs are supported.

The next columns show which MDA the IOM slot is configured to accept, the actual MDA that is installed in the IOM MDA slot, and the status of the MDA.

Admin display-config

A:acie_sr1a# admin display-config
# TiMOS-B-4.0.R9 both/hops ALCATEL SR 7750 Copyright (c) 2000-2007 Alcatel-Lucent.
# All rights reserved. All use subject to applicable license agreements.
# Built on Tue Dec 19 15:56:05 PST 2006 by builder in /rel4.0/b1/R9/panos/main

# Generated FRI DEC 22 16:00:41 2006 UTC

exit all
configure
#--------------------------------------------------
echo "System Configuration"
#--------------------------------------------------
    system
        name "acie_sr1a"
        snmp
            shutdown
        exit
        login-control
Press any key to continue (Q to quit)

Admin display-config

The slide above shows a partial output of the admin display-config command. The first portion of the output shows the current version of the operating system that is running on the router. The router then outputs the entire configuration of the router, down to the port level. This command can output a large number of pages on a fully configured router.

Info Command

The info command provides informational display during configuration without the need to use the show config command.

A:Training1>config>router# interface Toronto
A:Training1>config>router>if# info
----------------------------------------------
    address 131.131.131.1/30
    port 1/1/1
----------------------------------------------

You can view more details by using the detailed version of the info command: info detail

Logs

Record events, alarms and faults that result from actions performed on the 7X50
Can be used to record debug messages for troubleshooting
Log Sources
    Main - most normal logs
    Security - any attempt to breach system security
    Debug - events as a result of turning debug tracing on
    Change - any events that change configuration of the node
Log Destinations
    Console, Session, Memory, File
    SYSLOG Server
    SNMP Trap Group

7x50 Logs

The 7x50 ESS keeps very extensive logs of events, alarms, traps, and debug/trace messages. The logs are used to monitor events and troubleshoot faults in the 7450. You can configure what type of logging information is captured and where you want to send the captured logging information.

Log Sources

Applications and processes within the 7450 generate event logs. The logs are divided into four streams:

Main – most normal logs not specifically directed to any other event stream.

Security – any attempts to breach system security, such as failed login attempts.

Change – any events that affect the configuration or operation of the node.

Debug/Trace – all output generated as a result of turning on debug/trace.

Forwarded events are placed into an event log. Each event log has a log identification (log-id) number and can contain events from more than one event stream.

Log Destinations

You can configure the destination for the contents of a log-id. A log-id can be directed to one of the following destinations:

Console – the physical 9-pin console port of the 7450.

Session – a console or Telnet session. Sessions are temporary log destinations that are valid only as long as the session lasts.

Memory – a circular buffer where the oldest entry is overwritten when the buffer is full.

File – event logs and accounting policy information can be directed to a file.

Syslog – event log information can be sent to a syslog server.

SNMP Trap Group – event log information can be sent to an SNMP trap group.

All events and traps are time-stamped and numbered per destination. Traps are sequence-numbered per destination and stored in memory. If the 7450 NMS should go offline for some reason, it may not receive some trap notifications. When the NMS comes back online, it will automatically recognize that it has missed some trap notifications because the last sequence number it has will be different from the sequence number in the 7450. The NMS will then update its records with the missing traps. If the in-memory notification log becomes full and some records are overwritten, the NMS will resynchronize itself with the 7450.

Configuring Logs

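[Figure: log configuration flow. The sources (Main, Security, Change, Debug) feed the Event Controller, which decides "Log event?" (Yes/No; events that are not logged go to Garbage). Logged events pass through an optional filter policy and are delivered to log IDs (Log Id 10, Log Id 11, Log Id 12, Log Id 13) bound to the destinations Session, File, Memory and SNMP.]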

Configuring Logs

Steps

1. Configure a log id with a number from 1-98

2. Identify the source

3. Specify an optional filter to filter events if desired

4. Identify the destination

5. Examine the logs to view the events

CLI for Configuring Logs

A:PE1>config# log filter
  - filter <filter-id>
  - no filter <filter-id>

 <filter-id> : [1..1001]

 [no] default-action - Specify the default action for the event filter
 [no] description - Description string for the event filter
 [no] entry + Configure an event filter entry

A:PE1>config# log filter 14
A:PE1>config>log>filter$ description "default filter"
A:PE1>config>log>filter$ default-action forward
A:PE1>config>log>filter$ back
A:PE1>config>log>filter# info detail
----------------------------------------------
    default-action forward
    description "default filter"
----------------------------------------------

CLI for Configuring Logs (cont’d)

A:PE1>config>log# log-id 14
A:PE1>config>log>log-id# from debug-trace
A:PE1>config>log>log-id# to session
A:PE1>config>log>log-id# filter 14
A:PE1>config>log>log-id# info detail
----------------------------------------------
    no description
    filter 14
    time-format utc
    from debug-trace
    to session
    no shutdown
----------------------------------------------
A:PE1>config>log>log-id#

General Log Commands

Show log applications

Show log event-control

Show log file-id

Show log filter-id

Show log log-collector

Show log log-id

Show log snmp-trap-group

Show log syslog

Default Alarm Logs

There are two default logs:
    Log 99 – All severity levels of alarms
    Log 100 – Only serious errors

To view the logs use the following commands:
    Show log log-id 99
    Show log log-id 100

More granular “data mining” of the two log files can be accomplished:
    Show log log-id 99 subject 1/1/1 – port specific
    Show log log-id 99 application chassis – chassis related alarms
    Others exist.

The default logs store only about 500 entries. If more entries are required, specific alarm logs need to be created.

How to show Layer 1 & Layer 2 alarms

7X50 has two default memory logs (Log-id 99 & 100) containing all the events from the “main” application. All severity levels of alarms are recorded in log-id 99, whereas log-id 100 only contains serious errors.

There are several ways to view the alarms of a specific subject, such as alarms related to a particular port. One method is to create a new log that only monitors the specific subject.

Default Logs – Alarm Monitoring Example

The “show log” command

A:PE1>config>log>log-id# show log log-id 99
===================================================================
Event Log 99
===================================================================
Description : Default System Log
Memory Log contents [size=500 next event=25 (not wrapped)]

24 2006/08/17 15:30:55.29 UTC WARNING: SYSTEM #2006 - CHASSIS
"tmnxMDATable: Slot 1, MDA 2 configuration modified"

23 2006/08/17 15:30:55.29 UTC WARNING: SYSTEM #2007 - PORT
"Pool on Port 1/2/b.net-sap Modified managed object created"
…………………….
5 2006/08/17 15:30:55.29 UTC MINOR: CHASSIS #2004 - Mda 1/2
"Class MDA Module : wrong type inserted"

The “show log log-id 99 application chassis” command details any and all alarms that have been logged within the router. In the above case the detailed information only shows minor alarms from the individual modules being inserted into the chassis. Noting the time, these entries were from when the router first booted.

Module Summary

7x50 product CLI commands and navigation
Useful commands
System startup and boot files
Boot Options File (BOF) and default configuration files
Basic system and hardware configuration
Logs and alarms

Learning Assessment

1. What information does the BOF contain?
2. What is the CLI context in which interfaces are configured?
3. What command can be used to view the status of the MDAs?
4. List the possible log sources.
5. How many default logs are there, and what info do they provide?

Learning Assessment Answers

1. What information does the BOF contain?

Stores the parameters that specify the location of the image file from which the router will try to boot, and stores the configuration file which the router uses to configure the applications and interfaces.

2. What is the CLI context in which interfaces are configured?

PE1>config>router#

3. What command can be used to view the status of the MDAs?

PE1>show mda x

4. List the possible log sources.

Main, Security, Debug, Change

5. How many default alarm logs are there, and what info do they provide?

There are two. Log 99 provides a list of alarms of all severities. Log 100 provides a list of only the serious errors that occur.

www.alcatel-lucent.com

3HE-02767-AAAA-WBZZA Edition 01

Alcatel-Lucent Scalable IP Networks

Module 3 — Ethernet Overview

Module Objectives

After successful completion of this module, you should be able to:

Understand layer 2 requirements
Discuss the Ethernet protocol and its different components
Discuss the operation of STP
Discuss the operation of RSTP and its improvement over STP
Discuss the function of virtual local area networks
Discuss the operation of MSTP and how it relates to VLANs

Ethernet Overview

Section 1 — Layer 2 OSI and Ethernet Defined

Data Link Layer/ Layer 2 OSI

Defines an addressing structure that is used between end systems
Provides framing and error checking for the transfer of data via physical media
Layer 2 examples:
    Ethernet
    PPP
    ATM
    Frame relay
    Token ring

The data link layer defines a lower-level addressing structure to be used between end systems as well as the lower-level framing and checksums used to transmit over the physical medium. Using checksums maintains data integrity across end systems. It is at the data link layer that the data is broken down into bits for transmission via the physical layer.

Ethernet, token ring, and frame relay are all examples of data link layer or layer 2 protocols.

Traditional Ethernet switches operate at the data link layer and are concerned with forwarding packets based on the layer 2 addressing scheme. Layer 2 Ethernet switches are not concerned with whether the packet contains IP, IPX, or AppleTalk, but only with the transmission of the Ethernet frame.

Layer 2 Protocols - ATM

ATM: Asynchronous Transfer Mode
Packet oriented cell switching technology
Application packets are broken into 53 byte fixed sized cells including a 5 byte header, also referred to as an ATM packet
ATM circuit is identified by a VPI/VCI value
Enhanced QoS support with 5 service classes
Ideal for multiple services on the same line

[Figure: ATM UNI cell header layout, bits 0 to 7 per row. Row 1: GFC, VPI. Row 2: VPI, VCI. Row 3: VCI. Row 4: VCI, PT, CLP. Row 5: HEC.]

The UNI header consists of the following fields:

GFC—4 bits of generic flow control that are used to provide local functions, such as identifying multiple stations that share a single ATM interface. The GFC field is typically not used and is set to a default value.

VPI—8 bits of virtual path identifier that is used, in conjunction with the VCI, to identify the next destination of a cell as it passes through a series of switch routers on its way to its destination.

VCI—16 bits of virtual channel identifier that is used, in conjunction with the VPI, to identify the next destination of a cell as it passes through a series of switch routers on its way to its destination.

PT—3 bits of payload type. The first bit indicates whether the cell contains user data or control data. If the cell contains user data, the second bit indicates congestion, and the third bit indicates whether the cell is the last in a series of cells that represent a single AAL5 frame.

CLP—1 bit of cell loss priority that indicates whether the cell should be discarded if it encounters extreme congestion as it moves through the network.

HEC—8 bits of header error control that are a checksum calculated only on the header itself.
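
The field widths listed above translate directly into a parser. The following Python is an added example, not part of the course material; the function names are invented here, and the HEC calculation uses the standard ATM CRC-8 (generator x^8 + x^2 + x + 1, result XORed with 0x55), which the text only describes as a header checksum.

```python
from dataclasses import dataclass


def hec(first_four: bytes) -> int:
    """CRC-8 over header bytes 1-4 (generator x^8 + x^2 + x + 1), XORed with 0x55."""
    crc = 0
    for byte in first_four:
        crc ^= byte
        for _ in range(8):
            crc = ((crc << 1) ^ 0x07) & 0xFF if crc & 0x80 else (crc << 1) & 0xFF
    return crc ^ 0x55


@dataclass(frozen=True)
class UniHeader:
    gfc: int      # 4 bits
    vpi: int      # 8 bits
    vci: int      # 16 bits
    pt: int       # 3 bits
    clp: int      # 1 bit
    hec: int      # 8 bits, as received
    hec_ok: bool  # True when the received HEC matches the recomputed one


def build_uni_header(gfc: int, vpi: int, vci: int, pt: int, clp: int) -> bytes:
    """Pack the five fields into 4 bytes and append the computed HEC."""
    for name, value, bits in (("gfc", gfc, 4), ("vpi", vpi, 8), ("vci", vci, 16),
                              ("pt", pt, 3), ("clp", clp, 1)):
        if not 0 <= value < (1 << bits):
            raise ValueError(f"{name}={value} does not fit in {bits} bits")
    word = (gfc << 28) | (vpi << 20) | (vci << 4) | (pt << 1) | clp
    first_four = word.to_bytes(4, "big")
    return first_four + bytes([hec(first_four)])


def parse_uni_header(cell: bytes) -> UniHeader:
    """Split the first 5 bytes of a cell into the UNI header fields."""
    if len(cell) < 5:
        raise ValueError("an ATM cell header is 5 bytes")
    word = int.from_bytes(cell[:4], "big")
    return UniHeader(
        gfc=word >> 28,
        vpi=(word >> 20) & 0xFF,
        vci=(word >> 4) & 0xFFFF,
        pt=(word >> 1) & 0x7,
        clp=word & 0x1,
        hec=cell[4],
        hec_ok=hec(cell[:4]) == cell[4],
    )


def describe_pt(pt: int) -> str:
    """Decode the payload type bits the way the field list above describes them."""
    if pt & 0b100:
        return "control data"
    congestion = "congestion experienced" if pt & 0b010 else "no congestion"
    last = "last cell of AAL5 frame" if pt & 0b001 else "more cells follow"
    return f"user data, {congestion}, {last}"


if __name__ == "__main__":
    # Constructed sample: VPI 1, VCI 32, last user-data cell of an AAL5 frame.
    header = build_uni_header(gfc=0, vpi=1, vci=32, pt=0b001, clp=0)
    print(header.hex(), parse_uni_header(header), describe_pt(0b001))
    # The same header with one VPI bit flipped fails the HEC check.
    damaged = bytes([header[0], header[1] ^ 0x10]) + header[2:]
    print(parse_uni_header(damaged).hec_ok)
```

The HEC covers only the four header bytes before it, so a cell whose HEC verifies can still carry a damaged payload.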

Layer 2 Protocols - ATM Adaptation Layers

AAL
ATM packets are further encapsulated by ATM adaptation layers (AAL), which are responsible for Segmentation of higher layer data into ATM cells and Re-assembly (SAR) of ATM packets received at the other end into higher layer data
Purpose is to adapt the class of service from higher layers onto connectionless ATM cells
AAL classification is related to the service and application required for transport
    AAL1 – Constant Bit rate traffic
    AAL2 – Variable Bit rate traffic
    AAL3/4 – Connection oriented service usually
    AAL5 – Connectionless oriented service usually (for e.g. IP)

Constant Bit Rate (CBR) service: AAL1 encapsulation supports a connection-oriented service where minimal data loss is required. Examples of this service include 64 Kbit/sec voice, fixed-rate uncompressed video and leased lines for private data networks.

Variable Bit Rate (VBR) service: AAL2 encapsulation supports a connection-oriented service in which the bit rate is variable but requires a bounded delay for delivery. Examples of this service include compressed packetized voice or video. The requirement on bounded delay for delivery is necessary for the receiver to reconstruct the original uncompressed voice or video.

Connection-oriented data service: For connection-oriented file transfer and, in general, data network applications where a connection is set up before data is transferred, this type of service has variable bit rate and does not require bounded delay for delivery. Two AAL protocols were defined to support this service class, and have been merged into a single type, called AAL3/4.

Connectionless data service: Examples of this service include datagram traffic and, in general, data network applications where no connection is set up before data is transferred. This is used to transport IP/Ethernet/Frame relay applications.

Layer 2 Protocols - ATM Adaptation Layer 5

AAL 5
Generally used to transport non-real time connectionless data
Encapsulation used for transporting IP packets and inter-working with Frame Relay or Ethernet packets
AAL5 is the simple and efficient AAL which is the one used most for data traffic; it has no per-cell length nor per-cell CRC fields.

Field:  PDU payload      | PAD  | UU | CPI | LI | CRC-32
Bytes:  Variable length  | 0-47 | 1  | 1   | 2  | 4

PDU - Variable length user information field (broken into 48 byte segments)

PAD - Padding, between 0 and 47 bytes long, used to cell-align the trailer.

UU - CPCS user-to-user indication to transfer one byte of user information

CPI - Common Part Indication

LI - Length indicator

Higher-level SDUs may be several bytes in length; however, because the ATM payload is only 48 bytes, the SDUs must be segmented into multiple cells as they enter the ATM network and then reassembled when they exit it. This function of the ATM adaptation layer is known as SAR (Segmentation and Reassembly). The adaptation layer comprises two sub-layers: the SAR sub-layer and the CS (Convergence Sub-layer), which performs service-dependent functions.
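The AAL5 trailer and the segmentation step described above can be shown in a few lines. This is an added example, not code from the student guide; the function names are hypothetical, and the CRC parameters (polynomial 0x04C11DB7, MSB first, all-ones preset, complemented result) are the standard AAL5 ones rather than something the page states.

```python
import struct

CELL_PAYLOAD = 48  # payload bytes carried in one ATM cell
TRAILER_LEN = 8    # UU (1) + CPI (1) + LI (2) + CRC-32 (4)


def crc32_aal5(data):
    """CRC-32 as used by AAL5: MSB first, preset to ones, complemented."""
    crc = 0xFFFFFFFF
    for byte in data:
        crc ^= byte << 24
        for _ in range(8):
            if crc & 0x80000000:
                crc = ((crc << 1) ^ 0x04C11DB7) & 0xFFFFFFFF
            else:
                crc = (crc << 1) & 0xFFFFFFFF
    return crc ^ 0xFFFFFFFF


def pad_length(payload_len):
    """PAD size (0-47) that makes payload + PAD + trailer a multiple of 48."""
    return -(payload_len + TRAILER_LEN) % CELL_PAYLOAD


def build_pdu(payload, uu=0, cpi=0):
    """Append PAD, UU, CPI, LI and CRC-32 to the user payload."""
    if len(payload) > 0xFFFF:
        raise ValueError("payload does not fit the 2-byte LI field")
    body = payload + bytes(pad_length(len(payload)))
    body += struct.pack("!BBH", uu, cpi, len(payload))
    # The CRC covers payload, PAD and the first four trailer bytes.
    return body + struct.pack("!I", crc32_aal5(body))


def segment(pdu):
    """SAR, sending side: cut the PDU into 48-byte cell payloads."""
    return [pdu[i:i + CELL_PAYLOAD] for i in range(0, len(pdu), CELL_PAYLOAD)]


def reassemble(cells):
    """SAR, receiving side: join the cells, check CRC and LI, strip PAD."""
    pdu = b"".join(cells)
    if len(pdu) < CELL_PAYLOAD or len(pdu) % CELL_PAYLOAD:
        raise ValueError("PDU is not a whole number of cells")
    uu, cpi, length, crc = struct.unpack("!BBHI", pdu[-TRAILER_LEN:])
    if crc != crc32_aal5(pdu[:-4]):
        raise ValueError("CRC-32 mismatch")
    pad = len(pdu) - TRAILER_LEN - length
    if not 0 <= pad < CELL_PAYLOAD:
        raise ValueError("LI inconsistent with PDU size")
    return pdu[:length]


if __name__ == "__main__":
    cells = segment(build_pdu(b"A" * 100))  # constructed 100-byte payload
    print(len(cells), "cells, PAD =", pad_length(100))
    print(reassemble(cells) == b"A" * 100)
```

A 40-byte payload needs no PAD and fits one cell, while a 41-byte payload needs 47 bytes of PAD and two cells, which is why PAD ranges from 0 to 47.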


Layer 2 Protocols - PPP

PPP (Point-to-Point Protocol)
- Point-to-point data link layer protocol initially designed to transport IP packets
- Can be used over Asynchronous (ATM, dial-up) or synchronous ISDN digital media
- Components:
  • Physical - can operate across any DTE/DCE (EIA/TIA, ISDN etc.)
  • LCP (Link Control Protocol) - to build data link connections
  • NCP (Network Control Protocol) - to allow multiple network protocols to be used over the point-to-point links
- Supports authentication, compression, error detection, multi-link as part of the LCP protocol


Layer 2 Protocols - PPP (cont’d)

PPP in the OSI model: layer 3 - IP/IPX/AppleTalk; layer 2 - NCP (Network Control), LCP (Link Control), HDLC (High-level Data Link); layer 1 - Physical Layer

PPP Frame (in transmission order):

Flag (0x7E) | Address (0xFF) | Control (0x03) | Protocol (first byte, second byte) | Data | Padding | Frame Check Sequence (2 or 4 bytes) | Flag (0x7E)

Flag: The first flag field indicates the start of a PPP frame. It always has the value “01111110” binary (0x7E hexadecimal, or 126 decimal). The last flag field indicates the end of a PPP frame. It always has the value “01111110” binary (0x7E hexadecimal, or 126 decimal).

Address: In HDLC this is the address of the destination of the frame. But in PPP we are dealing with a direct link between two devices, so this field has no real meaning. It is thus always set to “11111111” (0xFF or 255 decimal), which is equivalent to a broadcast (it means “all stations”).

Control: This field is used in HDLC for various control purposes, but in PPP it is set to “00000011” (3 decimal).

Data: Zero or more bytes of payload that contains either data or control information, depending on the frame type. For regular PPP data frames the network-layer datagram is encapsulated here. For control frames, the control information fields are placed here instead.

Padding: In some cases, additional dummy bytes may be added to pad out the size of the PPP frame.

Frame Check Sequence (FCS): A checksum computed over the frame to provide basic protection against errors in transmission. This is a CRC code similar to the one used for other layer two protocol error protection schemes such as the one used in Ethernet. It can be either 16 bits or 32 bits in size (default is 16 bits). The FCS is calculated over the Address, Control, Protocol, Information and Padding fields.

Protocol: Identifies the protocol of the datagram encapsulated in the Information field of the frame. See below for more information on the Protocol field.

Value (in hex)   Protocol Name                         Reference
--------------   -----------------------------------   ---------
0001             Padding Protocol
0003             ROHC small-CID                        [RFC3095]
0005             ROHC large-CID                        [RFC3095]
0007 to 001f     reserved (transparency inefficient)
0021             Internet Protocol version 4
0023             OSI Network Layer
0025             Xerox NS IDP
0027             DECnet Phase IV
0029             Appletalk
002b             Novell IPX
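The frame fields and Protocol values described above, as an added example that is not part of the student guide: it builds and parses a PPP frame and rejects one whose 16-bit FCS does not match. The function names are hypothetical; the FCS-16 algorithm and the 0x7D escape rule for asynchronous links come from RFC 1662, which the page does not cite, and the payload bytes are constructed.

```python
import struct

FLAG, ESCAPE = 0x7E, 0x7D
ADDRESS, CONTROL = 0xFF, 0x03

# Protocol field values listed in the table above.
PPP_PROTOCOLS = {
    0x0001: "Padding Protocol",
    0x0003: "ROHC small-CID",
    0x0005: "ROHC large-CID",
    0x0021: "Internet Protocol version 4",
    0x0023: "OSI Network Layer",
    0x0025: "Xerox NS IDP",
    0x0027: "DECnet Phase IV",
    0x0029: "Appletalk",
    0x002B: "Novell IPX",
}


def fcs16(data):
    """16-bit FCS (RFC 1662): reflected CRC, preset to ones, complemented."""
    fcs = 0xFFFF
    for byte in data:
        fcs ^= byte
        for _ in range(8):
            fcs = (fcs >> 1) ^ 0x8408 if fcs & 1 else fcs >> 1
    return fcs ^ 0xFFFF


def _stuff(data):
    """Escape flag, escape and control characters so 0x7E only frames."""
    out = bytearray()
    for byte in data:
        if byte in (FLAG, ESCAPE) or byte < 0x20:
            out += bytes([ESCAPE, byte ^ 0x20])
        else:
            out.append(byte)
    return bytes(out)


def _unstuff(data):
    out = bytearray()
    stream = iter(data)
    for byte in stream:
        if byte == FLAG:
            raise ValueError("flag byte inside frame")
        if byte == ESCAPE:
            escaped = next(stream, None)
            if escaped is None:
                raise ValueError("frame ends in an escape byte")
            byte = escaped ^ 0x20
        out.append(byte)
    return bytes(out)


def build_frame(protocol, data):
    """Flag | Address | Control | Protocol | Data | FCS | Flag."""
    body = struct.pack("!BBH", ADDRESS, CONTROL, protocol) + data
    body += struct.pack("<H", fcs16(body))  # FCS is sent low byte first
    return bytes([FLAG]) + _stuff(body) + bytes([FLAG])


def parse_frame(frame):
    """Validate flags, FCS, Address and Control; return protocol and data."""
    if len(frame) < 2 or frame[0] != FLAG or frame[-1] != FLAG:
        raise ValueError("missing start or end flag")
    body = _unstuff(frame[1:-1])
    if len(body) < 6:
        raise ValueError("frame too short")
    (fcs,) = struct.unpack("<H", body[-2:])
    if fcs16(body[:-2]) != fcs:
        raise ValueError("FCS mismatch")
    address, control, protocol = struct.unpack("!BBH", body[:4])
    if (address, control) != (ADDRESS, CONTROL):
        raise ValueError("unexpected Address/Control field")
    return {
        "protocol": protocol,
        "name": PPP_PROTOCOLS.get(protocol, "unknown"),
        "data": body[4:-2],
    }


if __name__ == "__main__":
    frame = build_frame(0x0021, b"hello\x7e\x7dworld")  # constructed payload
    print(frame.hex(" "))
    print(parse_frame(frame))
```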


Layer 2 Protocols – PPP (cont’d)

PPP Establishment Sequence

[Figure: two PPP peers across a data network. Message labels: LCP; LCP; Set Receive Data size and compression; CHAP Challenge; CHAP Response; Success; NCP. Steps are numbered 1 to 6.]

A PPP session establishment has three phases:

1. Link Establishment Phase
- each PPP device sends LCP packets to configure/test the data link
- LCP packets contain a Configuration Option field to negotiate:
  • maximum receive unit
  • compression of certain PPP fields
  • link authentication protocol

2. (Optional) Authentication Phase
PAP - Password Authentication Protocol
  • Two-way handshake
  • Passwords sent in clear text
  • Remote node in control of attempts
CHAP - Challenge Handshake Authentication Protocol
  • Three-way handshake
  • Challenge | Response | Accept/Reject
  • Uses a secret known only to authenticator and peer
  • Can be repeated any time after the link has been established

3. Network-Layer Protocol Phase
- PPP devices send NCP packets to choose and configure one or more network-layer protocols
- Once protocols are configured, datagrams can be sent over the network
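The difference between the two authentication options in phase 2 is easiest to see on the wire. The following added example (not from the student guide) runs the CHAP three-way handshake next to a PAP request; class and function names are hypothetical, the names and secret are constructed, and the packet layouts and the MD5(identifier + secret + challenge) response are taken from RFC 1994 and RFC 1334 rather than from the page.

```python
import hashlib
import hmac
import os
import struct

CHALLENGE, RESPONSE, SUCCESS, FAILURE = 1, 2, 3, 4  # CHAP codes (RFC 1994)


def chap_packet(code, ident, value, name):
    """Code | Identifier | Length | Value-Size | Value | Name."""
    body = bytes([len(value)]) + value + name
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body


def parse_chap(packet):
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet) or length < 5:
        raise ValueError("bad CHAP length")
    size = packet[4]
    if 5 + size > length:
        raise ValueError("Value-Size runs past the packet")
    return code, ident, packet[5:5 + size], packet[5 + size:]


def chap_digest(ident, secret, challenge):
    """The response hashes the secret; the secret itself is never sent."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


class Authenticator:
    def __init__(self, name, secrets):
        self.name, self.secrets = name, secrets
        self.ident, self.value = 0, b""

    def challenge(self):
        """Step 1: a fresh random challenge with a new identifier."""
        self.ident = (self.ident + 1) % 256
        self.value = os.urandom(16)
        return chap_packet(CHALLENGE, self.ident, self.value, self.name)

    def verify(self, packet):
        """Step 3: recompute the digest and accept or reject."""
        code, ident, value, peer = parse_chap(packet)
        secret = self.secrets.get(peer)
        ok = (code == RESPONSE and ident == self.ident
              and secret is not None
              and hmac.compare_digest(
                  value, chap_digest(ident, secret, self.value)))
        return SUCCESS if ok else FAILURE


def peer_respond(challenge_packet, name, secret):
    """Step 2: the peer answers the challenge it was sent."""
    _, ident, value, _ = parse_chap(challenge_packet)
    return chap_packet(RESPONSE, ident,
                       chap_digest(ident, secret, value), name)


def pap_request(ident, peer_id, password):
    """PAP Authenticate-Request: the password travels in clear text."""
    body = bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password
    return struct.pack("!BBH", 1, ident, 4 + len(body)) + body


if __name__ == "__main__":
    secret = b"s3cret"  # constructed shared secret
    nas = Authenticator(b"nas", {b"peer1": secret})
    first = nas.challenge()
    answer = peer_respond(first, b"peer1", secret)
    print("CHAP result:", nas.verify(answer))           # 3 = Success
    print("secret on the wire (CHAP):", secret in first + answer)
    print("secret on the wire (PAP): ",
          secret in pap_request(1, b"peer1", secret))
    nas.challenge()                                      # re-authentication
    print("old response replayed:", nas.verify(answer))  # 4 = Failure
```

Because each challenge is fresh, a response recorded from an earlier handshake does not satisfy a later one, which is what allows CHAP to be repeated at any time after the link is up.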


Layer 2 Protocols - Ethernet

Ethernet
- Most commonly used layer 2 protocol for LANs
- Uses MAC for identifying interfaces
- Encapsulates layer 3 traffic in an Ethernet frame that requires a source MAC and a destination MAC address for end system identification
- Can use the broadcast address FF:FF:FF:FF:FF:FF as the destination MAC address to forward data to all Ethernet devices in the LAN


Ethernet History

Ethernet is a LAN architecture developed by the Xerox Corporation in cooperation with DEC and Intel in 1976. Ethernet initially supported data transfer rates of 10 Mb/s. The Ethernet specification served as the basis for the IEEE 802.3 standard, which specifies the physical and lower software layers.

Ethernet started using the CSMA/CD access method (half-duplex) to handle simultaneous demands. Ethernet is one of the most widely implemented LAN standards.

Ethernet was originally designed by the Xerox Corporation, but the company was unsuccessful at launching the technology commercially. Later Xerox joined with Digital Equipment Corporation to commercially standardize a suite of network products that would use the Ethernet technology. The Intel Corporation later joined the group, known as DEC-Intel-Xerox (DIX). DIX developed and published the standard that was used for the 10 Mb/s version of Ethernet. Originally, the only medium capable of handling these speeds was a multidrop thick coaxial cable.

The IEEE had started project 802, which was to provide the industry with a framework for standardizing LAN technology. Because the technology was so diverse, the IEEE formed working groups in support of the different LAN technologies. The 802.3 working group was tasked with standardizing LANs based on the Ethernet technology.


Ethernet and the OSI Model

[Figure: the seven OSI layers (Application, Presentation, Session, Transport, Network, Data Link, Physical), with the Data Link layer split into Logical Link Control (802.2) and Media Access Control.]

- LLC - Interface to the L3 protocol
- MAC - L2 addressing, data transfer, sync, error control, and data flow

Ethernet resides at the data link layer. The Ethernet layer is subdivided into two sublayers: LLC and MAC.

The LLC interfaces between the network interface layer and the higher L3 protocol and may provide additional functions such as flow control.

The MAC layer is responsible for determining the physical source and destination addresses for a particular frame and for the reliable transfer of data, synchronization of data transmission, error control, and flow of data.

At the physical layer, to observe the physical link condition, Ethernet uses the link integrity test, in which Ethernet transceivers continually monitor the data path for activity. The result of good activity is the green LED on most Ethernet NICs.


Ethernet Frame Format

Pre-amble / SFD: 8 bytes, fixed sequence to alert the receiver (0x55555555555555D5), start frame delimiter
DA: Destination MAC address (6 bytes)
SA: Source MAC address (6 bytes)
Length/type: Frame length or type information, 2 bytes
Payload (46 to 1500 bytes): Internet layer
FCS: Frame check sequence, 4 bytes

The frame consists of a set of bits organized into several fields. These fields include address fields, a variable size data field that carries from 46 to 1500 bytes of data, and an error checking field that checks the integrity of the bits in the frame to make sure that the frame has arrived intact.

The original Ethernet standards defined the minimum frame size as 64 bytes and the maximum as 1518 bytes. These numbers include all bytes from the destination MAC address field to the frame check sequence field. The preamble and the start frame delimiter fields are not included when quoting the size of a frame. The IEEE 802.3ac standard released in 1998 extended the maximum allowable frame size to 1522 bytes to allow for a VLAN tag to be inserted into the Ethernet frame format.

Frames can be bigger for gigabit Ethernet and 10 gigabit Ethernet ports.

Preamble: This is a stream of bits used to allow the transmitter and receiver to synchronize their communication. The preamble is an alternating pattern of 56 binary ones and zeroes. The preamble is immediately followed by the Start Frame Delimiter.

Start Frame Delimiter: This is always 10101011 and is used to indicate the beginning of the frame information.

Destination MAC: This is the MAC address of the machine receiving data.

Source MAC: This is the MAC address of the machine transmitting data.

Length: This is the length of the entire Ethernet frame in bytes.

Data/Padding (a.k.a. Payload): The data is inserted here. This is where the IP header and data are placed if you are running IP over Ethernet. This field contains IPX information if you are running IPX/SPX (Novell). Contained within the data/padding section of an IEEE 802.2 frame are four specific fields:
- DSAP - Destination Service Access Point
- SSAP - Source Service Access Point
- CTRL - Control bits for Ethernet communication
- NLI - Network Layer Interface

The Frame Check Sequence (FCS) is a part of the frame put in place to verify that the information each frame contains is not damaged during transmission. If a frame is corrupted during transmission, the FCS on the frame will not match the recipient's calculated FCS. Any frames that do not match the calculated FCS will be discarded.


Ethernet II Frame Capture

0000  00 11 43 45 61 23 00 e0 52 d4 a5 00 08 00 45 00   ..CEa#..R.....E.
0010  01 21 0e ab 00 00 40 06 ea a8 8a 78 35 fe 8a 78   .!....@....x5..x
0020  35 95 00 17 09 55 98 09 6c 96 8e 7b 67 a7 50 18   5....U..l..{g.P.
0030  40 00 bc 0e 00 00 ff fb 03 0d 0a 64 65 76 69 63   @..........devic
0040  65 3a 20 20 73 54 57 33 32 66 62 69 38 32 0d 0a   e:  sTW32fbi82..
0050  0d 0a 41 6c 63 61 74 65 6c 20 4e 65 74 77 6f 72   ..Alcatel Networ
0060  6b 73 20 43 61 6e 61 64 61 2c 20 36 30 30 20 4d   ks Canada, 600 M
0070  61 72 63 68 20 52 6f 61 64 2c 20 4b 61 6e 61 74   arch Road, Kanat
0080  61 2c 20 4f 6e 74 61 72 69 6f 0d 0a 55 6e 61 75   a, Ontario..Unau
0090  74 68 6f 72 69 7a 65 64 20 61 63 63 65 73 73 20   thorized access
00a0  70 72 6f 68 69 62 69 74 65 64 2e 20 20 41 63 63   prohibited.  Acc
00b0  65 73 73 20 74 6f 20 74 68 69 73 20 64 65 76 69   ess to this devi
00c0  63 65 20 69 73 20 72 65 73 74 72 69 63 74 65 64   ce is restricted
00d0  2e 0d 0a 51 75 65 73 74 69 6f 6e 73 20 61 62 6f   ...Questions abo
00e0  75 74 20 74 68 69 73 20 64 65 76 69 63 65 20 73   ut this device s
00f0  68 6f 75 6c 64 20 62 65 20 64 69 72 65 63 74 65   hould be directe
0100  64 20 74 6f 20 4e 65 74 77 6f 72 6b 20 4f 70 65   d to Network Ope
0110  72 61 74 69 6f 6e 73 0d 0a 61 74 20 2b 31 20 36   rations..at +1 6
0120  31 33 2d 37 38 34 2d 33 31 32 34 2e 20 0d 0a      13-555-3124. ..

[Capture annotations: Destination Address, Source Address, Ether Type, L3/IP Information, TCP Info]

Details
Frame 234 (303 bytes on wire, 303 bytes captured)
Ethernet II, Src: FoundryN_d4:a5:00 (00:e0:52:d4:a5:00), Dst: Dell_45:61:23 (00:11:43:45:61:23)
    Destination: Dell_45:61:23 (00:11:43:45:61:23)
    Source: FoundryN_d4:a5:00 (00:e0:52:d4:a5:00)
    Type: IP (0x0800)
Internet Protocol, Src: 138.120.53.254 (138.120.53.254), Dst: 138.120.53.149 (138.120.53.149)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
    Total Length: 289
    Identification: 0x0eab (3755)
    Flags: 0x00
    Fragment offset: 0
    Time to live: 64
    Protocol: TCP (0x06)
    Header checksum: 0xeaa8 [correct]
    Source: 138.120.53.254 (138.120.53.254)
    Destination: 138.120.53.149 (138.120.53.149)
Transmission Control Protocol, Src Port: 23 (23), Dst Port: 2389 (2389), Seq: 4, Ack: 1, Len: 249
    Source port: 23 (23)
    Destination port: 2389 (2389)
    Sequence number: 4 (relative sequence number)
    Next sequence number: 253 (relative sequence number)
    Acknowledgement number: 1 (relative ack number)
    Header length: 20 bytes
    Flags: 0x0018 (PSH, ACK)
    Window size: 16384
    Checksum: 0xbc0e [correct]
Telnet


Ethernet — MAC Addressing

- MAC addresses allow Ethernet connected devices to communicate with each other.
- IEEE 802.3 uses a 48-bit address space, yielding 2^48 possible addresses.
- A unique L2 MAC address is given to each network host.
- Most MAC addresses are pre-programmed into the Ethernet NIC at the time of manufacture.
- MAC addresses are assigned by IEEE and are globally unique.
- The first 3 octets in the address are assigned by IEEE on a per-manufacturer basis.


Ethernet — MAC Addressing (continued)

MAC Address Format

XX-XX-XX-XX-XX-XX: the first three octets are the OUI, the last three octets are vendor assigned

- The OUI is the number assigned by the IEEE to vendors such as Alcatel
- OUI examples: Alcatel Canada 00-80-21 and 00-D0-F6, Alcatel USA 00-17-CC, Alcatel Italia 00-20-60
- OUI engine: http://standards.ieee.org/regauth/oui/index.shtml


Ethernet Frame Types

- Ethernet 802.3 Raw: Original frame type; does not support LLC
- Ethernet 802.2: Includes fields from 802.3 and LLC 802.2
- Ethernet II: Similar frame type except that the length field has been replaced by a type field
- Ethernet SNAP: Similar to 802.2 but has expanded LLC capabilities

Ethernet supports multiple frame types that are often related to the payload that is in the frame itself.

Ethernet 802.3 Raw — This type of Ethernet frame was developed by Netware and will only support Novell IPX/SPX traffic. The frame is similar to the standard 802.3 frame except that it does not contain the LLC information.

Ethernet 802.2 — This frame includes fields from 802.3 and 802.2. The major difference in this type of frame is that the first 3 bytes of the data field are reserved for the LLC header information: the DSAP, SSAP, and control field. This is the most commonly used frame today.

Ethernet II — The major difference of this frame is that the 2 bytes that typically define the length of the frame are now used to define the type of frame. In addition, the Ethernet II frame does not use an LLC header in the data field.

Ethernet SNAP — SNAP is similar to 802.2, with LLC parameters, but has expanded capabilities. The LLC now uses the first 8 bytes of the data field for LLC header information. The wireless protocol 802.11g uses this format.
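A receiver tells the four frame types apart from the Length/type field and the first payload bytes. The added example below (not from the student guide) does this for the Ethernet II header of the capture shown earlier and for three constructed frames, and also covers the OUI and broadcast points from the MAC addressing slides. The function name is hypothetical, and the discriminating values (type values of 0x0600 and above, 0xFFFF for raw 802.3, 0xAA-0xAA-0x03 for SNAP) are the standard ones rather than values the page states.

```python
import struct

BROADCAST = b"\xff" * 6


def _mac(raw, sep=":"):
    return sep.join(f"{b:02x}" for b in raw)


def classify_frame(frame):
    """Return addresses and frame type for a frame starting at the DA field."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    dst, src = frame[:6], frame[6:12]
    (length_type,) = struct.unpack("!H", frame[12:14])
    payload = frame[14:]
    info = {
        "dst": _mac(dst),
        "src": _mac(src),
        "src_oui": _mac(src[:3], "-").upper(),  # first 3 octets: IEEE OUI
        "broadcast": dst == BROADCAST,
    }
    if length_type >= 0x0600:
        # Ethernet II: the two bytes carry a type, and there is no LLC header.
        info.update(kind="Ethernet II", ethertype=length_type)
    elif length_type > 1500:
        raise ValueError("length/type values 1501-1535 are undefined")
    elif payload[:2] == b"\xff\xff":
        # Raw 802.3: the IPX header starts straight after the length field.
        info.update(kind="Ethernet 802.3 Raw", length=length_type)
    elif payload[:3] == b"\xaa\xaa\x03" and len(payload) >= 8:
        # SNAP: 3-byte LLC header plus 3-byte OUI and 2-byte type = 8 bytes.
        info.update(kind="Ethernet SNAP", length=length_type,
                    snap_oui=_mac(payload[3:6], "-").upper(),
                    ethertype=struct.unpack("!H", payload[6:8])[0])
    elif len(payload) >= 3:
        # 802.2: DSAP, SSAP and control occupy the first 3 data bytes.
        info.update(kind="Ethernet 802.2", length=length_type,
                    dsap=payload[0], ssap=payload[1], control=payload[2])
    else:
        raise ValueError("802.3 frame too short for an LLC header")
    return info


# First 18 bytes of the capture on the "Ethernet II Frame Capture" page.
PAGE_CAPTURE = bytes.fromhex("001143456123" "00e052d4a500" "0800" "45000121")

# Constructed frames (not from the page) for the other three types.
_HOST_A, _HOST_B = bytes.fromhex("0000a2000001"), bytes.fromhex("0000a2000002")
RAW_8023 = BROADCAST + _HOST_A + struct.pack("!H", 30) + b"\xff\xff" + bytes(28)
LLC_8022 = (_HOST_B + _HOST_A + struct.pack("!H", 38)
            + bytes.fromhex("424203") + bytes(35))
SNAP = (_HOST_B + _HOST_A + struct.pack("!H", 46)
        + bytes.fromhex("aaaa03" "000000" "0800") + bytes(38))

if __name__ == "__main__":
    for sample in (PAGE_CAPTURE, RAW_8023, LLC_8022, SNAP):
        print(classify_frame(sample))
```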


Ethernet Transmission

Half-duplex transmission
- Data sent in one direction at a time
- Results in collisions
- Uses CSMA/CD to resolve collisions
- Hubs are the most common half-duplex devices

Full-duplex transmission
- Data sent in both directions at the same time
- Requires point-to-point connections
- No collisions
- An approach to higher network efficiency
- Switches are the most common full-duplex devices

Half-duplex transmission is the traditional means of transporting Ethernet frames. Because data is transmitted in one direction at a time over a shared medium, such as a hub, collisions are possible. The CSMA/CD algorithm is used to handle collisions. A hub uses shared media and supports half-duplex only. 10Base-T, which works on half-duplex, is efficient 30 to 40% of the time because of collisions and as such the effective throughput is only 3 to 4 Mb.

Full-duplex transmission has data forwarding in both directions simultaneously. Full-duplex implementations also require a point-to-point connection between each sending and receiving port. Therefore a switch with 8 ports would have each of the 8 ports connected to the rest of the ports via a dedicated set of wires. This ensures that there is no shared medium and collision is not possible. Because data can be transmitted bidirectionally, the effective rate of a 10-Mb full-duplex transmission is 20 Mb (i.e., 10 Mb each way). Hence full-duplex transmissions are more efficient than half-duplex. Switches and routers usually support full-duplex transmissions.

When devices such as switches and hubs are interconnected, care must be taken to ensure that the proper transmission parameters are set on the ports. For switch-to-hub connections, the switch port must be set to half-duplex because the hub only supports half-duplex. For switch-to-switch, switch-to-host, or switch-to-router connections, full-duplex can be used.


Half-Duplex Operation (CSMA/CD)

- All hosts constantly listen to the line.
- Host A transmits.
- Hosts B, C, and D listen to host A and do not transmit.
- All hosts receive host A’s message.

[Figure: hosts A, B, C and D connected to a hub.]

The CSMA/CD access rules are summarized by the protocol’s acronym.

Carrier Sense means that a host that wants to transmit data will first monitor the link, and if it does not sense the transmission signal of another host, it will transmit its data. If the waiting host senses another host transmission signal, the waiting host will continue to wait until the link goes silent.

Multiple Access means many hosts share the same medium.

Collision Detection means that hosts monitor the medium while transmitting to detect another host that is transmitting while they are transmitting. This means that only one host can transmit at once, as shown in the figure above.

In this scenario:

All the hosts are listening to the line.

Host A decides to transmit because there is no message transmitted by any other host (idle line).

Hosts B, C, and D listen to host A transmitting and will not transmit data until host A has transmitted the data.

Host A’s message is transmitted on all hub ports.

The procedure above reduces the chance of collisions but does not prevent them. Both hosts A and B could decide to transmit at once because no other hosts are transmitting a message on the line (idle line).


Half-Duplex Operation (CSMA/CD) (continued)

- All hosts constantly listen to the line.
- Host A and host B transmit simultaneously.
- Messages collide.
- Both hosts back off for a random time interval.

[Figure: hosts A, B, C and D connected to a hub.]

When host A and host B transmit frames at the same time, they will both detect collision or corruption of the data.

Both host A and host B will generate a jam signal, which will be received by other hosts so that they discard the data that was just corrupted by a collision.

A random back-off timer is then started on the transmitting hosts. Afterward, either host A or host B will initiate a transmission after they detect no other transmission on the line.


Full-Duplex Operation

- Point-to-point only
- Attached to a dedicated switched port
- Requires full-duplex support on both ends
- Collision-free

[Figure: hosts A, B, C, D and E connected to a switch.]

Full-duplex operation is an optional MAC layer capability that allows simultaneous two-way transmission over point-to-point links.

Full-duplex transmission involves no media contention, no collisions, and no need to schedule retransmissions. There are exactly two hosts connected on a full-duplex point-to-point link.

The link bandwidth is effectively doubled because each link can now support full-rate, simultaneous, two-way transmission.


Auto-Negotiation

Ethernet’s negotiable operation
- Speed
  • 10 Mb/s
  • 100 Mb/s
  • 1000 Mb/s
- Operation mode
  • Half-duplex (CSMA/CD)
  • Full-duplex

If auto-negotiation is enabled, Ethernet nodes connected by a twisted pair cable negotiate their speed as well as duplex mode prior to establishing a link.

Auto-negotiation is a mechanism that takes control of the cable when a connection to a network device is established. Auto-negotiation detects the various modes that exist in the device on the other end of the wire (the link partner) and advertises its own abilities to automatically configure the highest performance mode of interoperation.

Auto-negotiation was first defined in 1995 as an optional feature for 10 and 100 Mb/s twisted-pair Ethernet, clause 28 of 802.3u. 1000Base-T requires auto-negotiation to establish signal timing control to make the link operational.

Basically, an auto-negotiation device advertises its abilities and detects the abilities of the remote device that it is connected to, known as the link partner. After auto-negotiation has received the link partner's abilities in a robust manner and it receives acknowledgment that its abilities have also been received by the link partner, auto-negotiation compares the two sets of abilities and decides which technology to connect. This decision is based upon a previously agreed priority of technologies. Auto-negotiation attaches the highest-performance common technology to the medium and becomes transparent until the link goes down or is reset.


Network Domains

[Figure: Network Domains. Resource labels: Hub, Bridge, Switch, Router. Domain labels: 1 collision domain, 1 broadcast domain; 2 collision domains, 1 broadcast domain; 3 broadcast domains, 3 collision domains.]

A collision domain is a group of Ethernet or fast Ethernet devices in a CSMA/CD LAN that are connected by repeaters and that compete for access in the network. Only one device in the collision domain may transmit at any one time, and the other devices in the domain listen to the network to avoid data collisions. A collision domain is sometimes referred to as an Ethernet segment.

A broadcast domain is a restricted area in which information can be transmitted for all devices in the domain to receive. More specifically, Ethernet LANs are broadcast domains. Any devices attached to the LAN can transmit frames to any other device because the medium is a shared transmission system. Frames are normally addressed to a specific destination device in the network. While all devices detect the frame transmission in the network, only the device to which the frame is addressed actually receives it. A special broadcast address consisting of all 1s is used to send frames to all devices in the network.


Collision Domains

In this figure, there are 8 collision domains and 3 broadcast domains.

[Figure: six hubs, two switches and one router, with eight collision domains and three broadcast domains marked.]


Switching

[Figure: a switch with Host A (00 00 A2 00 00 01) on interface 1 and Host B (00 00 A2 00 00 02) on interface 2.]

Switch Forwarding Table
Node MAC Address      Interface
00 00 A2 00 00 01     1
00 00 A2 00 00 02     2

Ethernet switches use the MAC address of the host. The switch dynamically learns which host MAC addresses are associated with an interface and enters the address information into a MAC FDB.

When the switch receives an Ethernet frame, it looks at the destination MAC address of the frame, compares it to the entries in its MAC FDB, and then transmits the frame out of the appropriate interface.

If no entry is found, the switch floods the frame out of all its interfaces.


Building Up the MAC Forward/Filter Table

[Figure: a switch with ports 1/1/1 to 1/1/4 and four hosts: Host A (0000.8c01.000A), Host B (0000.8c01.000B), Host C (0000.8c01.000C) and Host D (0000.8c01.000D). The MAC table fills with these four addresses at steps 2, 4 and 6.]

Step 1: Host A sends a frame to Host B.

Step 2: The switch receives the frame on 1/1/1 and places source in MAC table.

Step 3: The destination is not in the MAC table so the switch forwards the frame to all ports except the source.

Step 4: Host B responds to Host A. The switch adds the source address of Host B to the MAC table.

Step 5: Host A and Host B can now send unicast frames bidirectionally.

Step 6: Similarly, Host C and Host D will send frames and populate the MAC table.
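Steps 1 to 6 can be replayed against a small model of the learning logic. This is an added example, not code from the student guide or from any switch; the class name is hypothetical, and only Host A's port (1/1/1) comes from the page, so the ports used for Hosts B, C and D are assumptions.

```python
BROADCAST = "ffff.ffff.ffff"


class LearningSwitch:
    """Learn source MACs per port; forward, filter or flood by destination."""

    def __init__(self, ports):
        self.ports = list(ports)
        self.mac_table = {}  # MAC address -> port it was last seen on

    def receive(self, in_port, src, dst):
        """Process one frame and return the list of ports it is sent out of."""
        if in_port not in self.ports:
            raise ValueError("unknown port " + in_port)
        # Learning: the source address is reachable through the ingress port.
        self.mac_table[src] = in_port
        out_port = self.mac_table.get(dst)
        if dst == BROADCAST or out_port is None:
            # Unknown destination or broadcast: flood to all ports
            # except the one the frame arrived on.
            return [p for p in self.ports if p != in_port]
        if out_port == in_port:
            # Destination is on the ingress segment: filter (drop).
            return []
        return [out_port]


# Host A's port is from the page; the other three ports are assumed.
HOSTS = {
    "A": ("0000.8c01.000A", "1/1/1"),
    "B": ("0000.8c01.000B", "1/1/2"),
    "C": ("0000.8c01.000C", "1/1/3"),
    "D": ("0000.8c01.000D", "1/1/4"),
}


def walk_through():
    """Replay the six steps; return each frame's egress ports and the table."""
    switch = LearningSwitch(["1/1/1", "1/1/2", "1/1/3", "1/1/4"])

    def send(sender, receiver):
        (src, port), (dst, _) = HOSTS[sender], HOSTS[receiver]
        return switch.receive(port, src, dst)

    egress = [
        send("A", "B"),  # steps 1-3: A learned, B unknown, frame flooded
        send("B", "A"),  # step 4: B learned, A known, unicast to 1/1/1
        send("A", "B"),  # step 5: both known, unicast to 1/1/2
        send("C", "D"),  # step 6: C learned, D unknown, frame flooded
        send("D", "C"),  # step 6: D learned, unicast to 1/1/3
    ]
    return egress, switch.mac_table


if __name__ == "__main__":
    egress, table = walk_through()
    for ports in egress:
        print(ports)
    print(table)
```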


Link Aggregation Groups (LAG) Characteristics

Features and characteristics:
- Based on IEEE 802.3ad standard
- LAGs
  • Increase bandwidth available between two network devices
  • Provide redundancy if one or more links in the LAG should fail
- LAGs are statically configured or formed dynamically with Link Aggregation Control Protocol (LACP)
- Failover time less than one second
- Alcatel enhanced features:
  • Dynamic cost
  • LAG port threshold
  • Support for up to 64 LAGs with 8 links per LAG

A LAG increases the bandwidth available between two nodes by grouping up to eight ports into one logical link. The aggregation of multiple physical links allows for load sharing and offers seamless redundancy. If one of the links fails, traffic is redistributed over the remaining links. Up to eight links can be supported in a single LAG, and up to 64 LAGs can be configured on a 7x50 SR/ESS.

Link Aggregation Control Protocol (LACP) is defined in IEEE 802.3ad (Aggregation of Multiple Link Segments). LACP provides a standardized method of implementing link aggregation among different manufacturers.

Link aggregation provides two important benefits:
- increased performance - provides incremental bandwidth between two devices
- increased resiliency - provides automatic, point-to-point redundancy between two devices


LAG Configuration

LAG configurations should include at least two ports. Other parameter considerations include:

- A maximum of eight ports can be included in a LAG. All ports in the LAG must share the same characteristics (speed, duplex, hold-timer, etc.). The port characteristics are inherited from the primary port.
- Auto-negotiation must not be configured for 10/100 ports that are part of a LAG. Ports in a LAG must be configured as full duplex. Configure ports as no autonegotiate.

Example configuration:

    config> lag 1
    config>lag# description "LAG from PE1 to PE2"
    config>lag# port 2/1/1 2/2/1 3/1/1
    config>lag# port-threshold 2 action down
    config>lag# dynamic-cost
    config>lag# no shutdown

LAG Port Threshold parameter

This parameter determines the behaviour of a LAG when the number of available links falls below the configured threshold value. Two actions can be specified:

Option 1: configure lag <lag-id> port-threshold <threshold value> action down

If the number of available links is less than the threshold value the LAG is declared operationally down until the number of available links is equal to or greater than the threshold value.

Option 2: configure lag <lag-id> port-threshold <threshold value> action dynamic-cost

When the number of available links falls below the threshold value, dynamic costing is used to determine the advertised LAG cost.

Note: The costing of a LAG only affects the IGP costing (OSPF only)

Dynamic Cost Parameter

Dynamic cost can be enabled with the general command config>lag <lag-id> dynamic-cost.

This parameter enables or disables the IGP costing of a LAG. When dynamic cost is enabled with this command and the number of active links is greater than the port threshold value (0-7), the path cost is dynamically calculated whenever there is a change in the number of active links, regardless of the specified port threshold action. Note that if the port-threshold action is to declare the logical link down, then when the number of active links falls below the port-threshold value the LAG is declared down, even if dynamic-cost is enabled.

Conversely, if the port-threshold is met and the action is set to dynamic cost, then the link cost is dynamically recalculated even if the general dynamic cost parameter is not configured.


LAG Architecture – Dynamic Cost

[Figure: Node 1, Node 2 and Node 3 connected by LAG 1 and LAG 2]

If each link in LAG 1 and LAG 2 has a cost of 100, then the cost of logical link LAG 1 is 100/4=25 and LAG 2 is 100/3=33.

config> lag 1
config>lag# port 2/1/1 2/2/1 3/1/1 3/2/1
config>lag# port-threshold 3 action dynamic-cost
config> lag 2
config>lag# port 4/1/1 4/2/1 5/1/1
config>lag# port-threshold 2 action down

In the slide above, each physical link is configured with a cost of 100. Thus the cost of the logical link LAG 1 is 100/4=25 and LAG 2 is 100/3=33.

The LAG groups are configured as shown in the slide above. Thus, if two of the links in LAG 1 fail, the logical link cost is recalculated to be 100/2=50. For LAG 2, if two of the links fail, the logical link is declared operationally down.


Ethernet Standards

Four data rates are currently defined for operation over optical fiber and twisted-pair cables:

10 Mb/s — 10Base-T Ethernet – twisted-pair or optical

100 Mb/s — 100Base-T or Fast Ethernet – twisted-pair or optical

1000 Mb/s — 1000Base-T or Gigabit Ethernet – twisted-pair or optical

10 000 Mb/s — 10 Gigabit Ethernet – optical only


10Base-T Ethernet

Originally IEEE 802.3i; today’s standard is 802.3x

Transmission rate with 802.3i is 10 Mb/s half-duplex, with 802.3x is 10 Mb/s full-duplex

Frame format was based on Ethernet II, also called DIX

Most networks today use the 802.3x frame format


100Base-T Ethernet

IEEE standard is 802.3u

Full-/half-duplex modes, 100 Mb/s data rate

Cabling options:

100Base-TX — 2 pairs of twisted-pair cable

100Base-T4 — 4 pairs of twisted-pair cable

100Base-FX — Optical cable


1000Base-T Ethernet

Also known as gigabit Ethernet or GigE

IEEE standard is 802.3ab

Full duplex mode only, 1000 Mb/s data rate

802.3ab specifies distances of 100 m using 4 pairs of Cat 5e cabling


10 Gigabit Ethernet

IEEE standard is 802.3ae

Full-duplex only, with 10 Gb/s data rate

Minimizes the user's learning curve by maintaining the same management tools and architecture

Physical media used is optical only


Ethernet Interface Types

Ethernet | Designation | Type | Wavelength | Distance | Fiber Type
10/100Base | TX | Copper | — | 100 m | —
100Base | FX | Optical SFP | 1310 nm | 2 km | Multimode
Gigabit Ethernet | TX | Copper | — | 100 m | —
 | SX | Optical SFP | 850 nm | 550 m | Multimode
 | LX | Optical SFP | 1310 nm | 10 km | Single-mode
 | ZX | Optical SFP | 1550 nm | 70 km | Single-mode
 | ZR | Optical SFP | 1550 nm | 80 km | Single-mode
 | CWDM | Optical SFP | 1470 nm to 1610 nm | 70 km | Single-mode
10 gigabit Ethernet | LW/LR | Optical SFP | 1310 nm | 10 km | Single-mode
 | FX-SM | Optical SFP | 1310 nm | 25 km | Single-mode
 | EW/ER | Optical SFP | 1550 nm | 40 km | Single-mode
 | SR | Optical SFP | 850 nm | 300 m | Multimode
 | LR | Optical SFP | 850 nm | 10 km | Single-mode


Ethernet Overview

Section 2 — Spanning Tree Protocol


Spanning Tree Protocol — What Is It?

Link management protocol that is part of IEEE 802.1

Spanning tree algorithm provides path redundancy in Ethernet bridge/switch networks

Provides 1 active path at a time between 2 bridges or switches

Provides backup paths to the active path, should the active path fail

Primary function is to avoid looping in redundant path Ethernet networks


Redundant Topology — Without STP

Redundancy Advantages:

Necessary for the link of a switch failover

Load balancing

Disadvantages:

May cause broadcast storms

May cause multiple frame copies to be sent

May cause FDB table instability

Frame looping problems

Layer 2 has no mechanism to stop looping as layer 3 has with TTL


Receiving Multiple Copies

[Figure: Host A, Host B, Switch 1 and Switch 2 connected across Segment 1 and Segment 2]

In a network with built-in redundancy and no STP, the likelihood of receiving multiple copies of a frame is high. Most protocols cannot recognize duplicate transmissions. The protocols that do use a numbered sequencing to track transmitted packets will think that the numbers have reset or are recycled.


Broadcast Storms

[Figure: Host A sends a broadcast; Host B, Switch 1 and Switch 2 are connected across Segment 1 and Segment 2]

Networks that are designed with redundancy and no STP are vulnerable to the transmission of broadcast frames because the switch receives multiple copies of a frame.

Because the switch receives multiple frames, it floods broadcast frames out of all ports with the exception of the port the frame was received on. In a redundant network, this broadcast frame would perpetuate itself until the switch resets because it gets overwhelmed with activity.


Database Instability

[Figure: Host A sends a unicast frame; Switch 1 and Switch 2 (each with Port 0 and Port 1) connect Segment 1 and Segment 2, with Host B also attached. The MAC address DBs shown hold entries for Host A on Port 0 and on Port 1.]

Redundant networks without STP can also cause database instability.

In the slide above, Switch 1 and Switch 2 will map the MAC address of Host A to Port 0. Later, when the copy of the frame arrives at Port 1 of Switch 2, Switch 2 must remove its original entry for Host A and replace it with the new entry for Host A, mapping it to Port 1. This activity causes an unstable database as Switch 2 tries to keep up with the actual location of Host A.


STP and IEEE 802.1d

STP is defined in 802.1d as a link management protocol

Initially developed in 1990, based on the ISO/IEC 10038 standard

Designed to provide path redundancy in Ethernet bridge/switch-based networks, while preventing loops

STP uses a root/branch/leaf model, which determines a single path to each leaf spanning the entire L2 network

End hosts (e.g., PCs) are oblivious to STP and instead see a single LAN segment


STP Port States

1) Port enabled, by management or initialization

2) Port disabled, by management or failure

3) Algorithm selects as Designated or Root Port

4) Algorithm selects as Blocked Port

5) Protocol timer expiry (Forwarding Timer)

Each port on a switch that uses STP exists in one of the following five states.

Blocking — A port in the blocking state does not participate in any frame forwarding. A switch always enters the blocking state following switch initialization.

Listening — This is the state that a port enters into after the blocking state when the STP has decided that this port should participate in frame forwarding.

Learning — A port enters into the learning state after the listening state. This is to prepare the forwarding tables for frame forwarding.

Forwarding — A port in the forwarding state forwards frames.

Disabled — A port in the disabled state is non-operational.


STP Port States and Activities

[Table: STP port state (Blocking, Listening, Learning, Forwarding, Disabled) against "Learning of MAC addresses" and "Part of active topology"; the Yes/No cell layout is not recoverable]


STP and BPDU

The root bridge/switch sends STP messages via BPDUs to the branches/leaves.

On individual branches and leaves, the user can specify IDs and path costs.

The root bridge/switch sets the forwarding delay, hello time, and maximum age.

BPDU is sent in Ethernet frame with the port’s address as source and the STP Multicast address 01:80:C2:00:00:00 as destination

BPDU Packet

Protocol ID (2 bytes)
Version (1 byte)
Message type (1 byte)
Flags (1 byte)
Root ID (8 bytes)
Path cost (4 bytes)
Bridge ID (8 bytes)
Port ID (2 bytes)
Message age (2 bytes)
Maximum age (2 bytes)
Hello time (2 bytes)
Forwarding delay (2 bytes)

Legend: configurable on each bridge; configurable on root bridge


BPDU Packet Details

Field | Description
Protocol ID | Always set to 0
Version | Always set to 0
Message type | Determines which of two BPDU types: configuration or TCN
Flags | Handle changes in the active topology
Root ID | Contains the bridge ID of root bridge (after convergence, all BPDUs should contain the same value)
Root path cost | Cumulative path cost of all links to the root bridge
Bridge ID | Identifies the bridge that is transmitting the current configuration message
Port ID | Contains a unique value for each port
Message age | Time stamp since the root bridge created this BPDU
Maximum age | Maximum amount of time this BPDU is saved
Hello time | Time between configuration BPDUs
Forwarding delay | Time spent in the listening and learning states

Legend: configurable on each bridge; configurable on root bridge

STP performance is directly related to the root bridge/switch timer settings, which are outlined above in the final three fields of the BPDU: Maximum age, hello time, and forwarding delay.

Maximum age — Defines the maximum amount of time that any received STP information is kept. When this timer is exhausted, the STP information is discarded. (typically 20 seconds)

Hello time — Determines the frequency of transmitted hello messages to other bridges or switches (typically 2 seconds)

Forwarding delay — Defines the amount of time the port stays in the learning and listening states (typically 15 seconds)

The setting of all these values affects how quickly the network converges to a stable, frame-forwarding topology.
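The field layout above, decoded in code. This is an added example, not part of the course material: it parses a BPDU payload and validates it before use. The message type values (0x00 configuration, 0x80 TCN), the flag bits and the 1/256-second timer units are taken from IEEE 802.1D rather than from this page, and the sample BPDU is constructed for illustration.

```python
import struct
from dataclasses import dataclass

CONFIG_BPDU = 0x00  # message type: configuration BPDU (IEEE 802.1D)
TCN_BPDU = 0x80     # message type: topology change notification (IEEE 802.1D)
FLAG_TC = 0x01      # Flags bit: topology change
FLAG_TCA = 0x80     # Flags bit: topology change acknowledgment

# Field order and sizes from the BPDU packet slide: 2+1+1+1+8+4+8+2+2+2+2+2 = 35 bytes.
CONFIG_FORMAT = ">HBBB8sI8sHHHHH"
CONFIG_LENGTH = struct.calcsize(CONFIG_FORMAT)


@dataclass(frozen=True)
class BridgeId:
    priority: int  # first 2 bytes of the 8-byte ID
    mac: str       # remaining 6 bytes

    @classmethod
    def from_bytes(cls, raw: bytes) -> "BridgeId":
        mac = "-".join(f"{octet:02X}" for octet in raw[2:8])
        return cls(int.from_bytes(raw[:2], "big"), mac)


@dataclass(frozen=True)
class ConfigBpdu:
    flags: int
    root_id: BridgeId
    root_path_cost: int
    bridge_id: BridgeId
    port_id: int
    message_age: float   # all timers in seconds
    max_age: float
    hello_time: float
    forward_delay: float

    @property
    def topology_change(self) -> bool:
        return bool(self.flags & FLAG_TC)

    @property
    def expired(self) -> bool:
        # STP information that has reached its maximum age is discarded.
        return self.message_age >= self.max_age


def parse_bpdu(payload: bytes):
    """Return ("tcn", None) or ("config", ConfigBpdu); raise ValueError if malformed."""
    if len(payload) < 4:
        raise ValueError("truncated BPDU header")
    protocol_id, version, message_type = struct.unpack(">HBB", payload[:4])
    if protocol_id != 0 or version != 0:
        raise ValueError("protocol ID and version must both be 0")
    if message_type == TCN_BPDU:
        return "tcn", None  # a TCN BPDU carries no further fields
    if message_type != CONFIG_BPDU:
        raise ValueError(f"unknown message type 0x{message_type:02x}")
    if len(payload) < CONFIG_LENGTH:
        raise ValueError("truncated configuration BPDU")
    (_, _, _, flags, root, cost, bridge, port,
     age, max_age, hello, delay) = struct.unpack(CONFIG_FORMAT, payload[:CONFIG_LENGTH])
    return "config", ConfigBpdu(
        flags, BridgeId.from_bytes(root), cost, BridgeId.from_bytes(bridge), port,
        age / 256, max_age / 256, hello / 256, delay / 256)


def sample_config_bpdu() -> bytes:
    """Constructed sample: root priority 16 / MAC ...-05, sender priority 32 / MAC ...-10."""
    root = (16).to_bytes(2, "big") + bytes.fromhex("008021000005")
    sender = (32).to_bytes(2, "big") + bytes.fromhex("008021000010")
    return struct.pack(CONFIG_FORMAT, 0, 0, CONFIG_BPDU, FLAG_TC, root, 10, sender,
                       0x8001, 1 * 256, 20 * 256, 2 * 256, 15 * 256)


if __name__ == "__main__":
    print(parse_bpdu(sample_config_bpdu()))
```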


STP in Action: State 1 Initialization

[Figure: State 1, initialization. Switches A, B, C and D boot up, each acting as root bridge/switch and sending BPDUs; link path costs 10, 10, 2 and 10; Host A and Host B attached.]

A port in the Initialization state performs as follows:

Upon initialization every switch in the network assumes that it is the root and starts advertising this very fact in the BPDU messages


STP in Action: State 1 — Root Bridge/Switch Election

Root bridge/switch election calculation:

After bridges/switches have initialized, root bridge election occurs.

Each bridge/switch has a user-assigned bridge priority.

The bridge priority ranges from 0 to 65 535 (default is 32 768).

Each bridge/switch sends its BID to every other bridge/switch. The BID is 8 bytes: 2 for bridge priority and 6 that contain the MAC address of the bridge/switch.

Election of the root bridge is determined using the Bridge ID, which is made up of the Priority and MAC address: the switch with the lowest Bridge ID value is selected.

Any subsequent physical change in the network after election of the root bridge will cause an STP recalculation.


STP in Action: State 2 — Root Bridge/Switch Election (continued)

[Figure: switches A, B, C and D each claim to be root bridge/switch and exchange BPDUs; Host A and Host B attached. Bridge IDs shown: Priority 32, MAC 00-80-21-00-00-10; Priority 16, MAC 00-80-21-00-00-05; Priority 48, MAC 00-80-21-00-00-20; Priority 16, MAC 00-80-21-00-00-10. Link path costs: 10, 10, 2 and 10.]

In this example, the two bridges/switches with the same priority will use their MAC addresses to decide which will be root. In this case, it is the topmost bridge/switch that has the lower MAC address and is therefore the root.

A port in the blocked state:

Discards frames received from the attached segment.

Discards frames switched from another port for forwarding.

Does not incorporate station location into its address database. (There is no learning at this point, so there is no address database update.)

Receives BPDUs and directs them to the system module.

Does not transmit BPDUs received from the system module.


STP in Action: State 2 — Root Bridge/Switch Election (continued)

[Figure: election result for switches A, B, C and D. One switch is the root bridge/switch and the other three are leaf bridges/switches. Bridge IDs shown: Priority 32, MAC 00-80-21-00-00-10; Priority 16, MAC 00-80-21-00-00-05; Priority 48, MAC 00-80-21-00-00-20; Priority 16, MAC 00-80-21-00-00-10. Link path costs: 10, 10, 2 and 10.]


STP in Action — Path Calculation

Each port on a bridge/switch has a path cost value assigned, depending on bandwidth.

The accumulated path cost determines the total cost to reach the root bridge/switch.

Path cost values can be found in the IEEE 802.1d standard.

Link bandwidth | STP cost value
4 Mb/s | 250
10 Mb/s | 100
16 Mb/s | 62
45 Mb/s | 39
100 Mb/s | 19
155 Mb/s | 14
622 Mb/s | 6
1 Gb/s | 4
10 Gb/s | 2


STP in Action — Port Designations

After bridges/switches have initialized, and root and leaf bridges have been selected, each bridge port participating in the Spanning Tree is assigned either the root/designated or blocking status.

Ports on root bridge automatically become designated ports.

A switch/bridge that is not a root and has ports participating in STP is referred to as a designated bridge/switch.

Ports on designated bridge closest (least path cost) to the root are elected as root ports. These ports receive the BPDUs from the root.

Non-root ports on the designated bridge providing the least cost path from the segment (that the port is connected to) to the root bridge are elected as designated ports.

Non-root ports on the designated bridge that do not provide the least cost path from the segment (that the port is connected to) to the root bridge are elected as non-designated ports and go into the blocked state.

If both ports on a segment have equal cost to the root, then the bridge port with the lower bridge ID is elected as the designated port and the other port becomes a non-designated port.


STP in Action — Port Designations

If the least path cost to the root bridge for non-root ports on a segment are the same, then the port that belongs to the bridge with the lower bridge ID will be elected as the designated port.

If two non-root ports on the same bridge belonging to the same segment have the same least path cost to the root bridge and have the same bridge ID, then the port with the lower port ID will be elected as the designated port.


STP in Action: State 3 — Port Designations

[Figure: port designations on the segments between root switch A and leaf switches B, C and D; Host A and Host B attached. Link path costs: 2, 10, 10 and 10. Costs to root shown: 0, 10, 20, 12 and 10. Ports are labelled root port, designated port or non-designated port.]

Note that in the Alcatel 7750 SR product line, the default is that STP is disabled.

To summarize, three values are used in the STP port calculations:

Port priority (has a default value but is configurable)

Per interface cost (dependent on bandwidth but is configurable)

Port MAC address

Root port — Shortest path toward the root on a leaf, facing the root

Designated port — Sends and receives frames on that segment

Blocked port — Does not forward any frames
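The election and port-designation rules above, worked through as an added example (not part of the course material) on the four-switch topology from the slides. The link layout and the assignment of bridge IDs to B, C and D are assumptions reconstructed from the costs shown; the second topology goes beyond this slide by reusing the course's later "adding a switch" case, with E's link costs assumed to be 10, to show the bridge ID tie-break.

```python
def bridge_id(priority, mac):
    """Bridge ID as a comparable tuple: 2-byte priority first, then the 6-byte MAC."""
    return (priority, bytes.fromhex(mac.replace("-", "")))


# Bridge IDs from the election slide. Which ID belongs to B, C and D is an
# assumption; the text only establishes that A (priority 16, lowest MAC) is root.
BRIDGES = {
    "A": bridge_id(16, "00-80-21-00-00-05"),
    "B": bridge_id(32, "00-80-21-00-00-10"),
    "C": bridge_id(48, "00-80-21-00-00-20"),
    "D": bridge_id(16, "00-80-21-00-00-10"),
}
# (bridge, bridge, path cost), reconstructed from the costs to root on the slide.
LINKS = [("A", "B", 10), ("A", "D", 10), ("B", "C", 2), ("C", "D", 10)]

# After switch E is added: E links to A and D (costs assumed), the A-D link is gone.
BRIDGES_WITH_E = dict(BRIDGES, E=bridge_id(16, "00-80-21-00-00-00"))
LINKS_WITH_E = [("A", "B", 10), ("B", "C", 2), ("C", "D", 10),
                ("E", "A", 10), ("E", "D", 10)]


def root_bridge(bridges):
    """The bridge with the lowest bridge ID wins the election."""
    return min(bridges, key=bridges.get)


def converge(bridges, links):
    """Exchange BPDU information until stable: {bridge: (root ID, cost to root)}."""
    # On initialization every bridge assumes that it is the root (cost 0).
    best = {name: (bid, 0) for name, bid in bridges.items()}
    changed = True
    while changed:
        changed = False
        for a, b, link_cost in links:
            for receiver, sender in ((a, b), (b, a)):
                root, sender_cost = best[sender]
                offer = (root, sender_cost + link_cost)
                if offer < best[receiver]:  # lower root ID first, then lower cost
                    best[receiver] = offer
                    changed = True
    return best


def port_roles(bridges, links):
    """Return {(bridge, neighbour): 'root' | 'designated' | 'blocked'}."""
    best = converge(bridges, links)
    cost = {name: c for name, (_, c) in best.items()}
    neighbours = {name: [] for name in bridges}
    for a, b, link_cost in links:
        neighbours[a].append((b, link_cost))
        neighbours[b].append((a, link_cost))
    roles = {}
    for name, peers in neighbours.items():
        is_root = best[name][0] == bridges[name]
        # Root port: least path cost to the root, then lowest neighbour bridge ID.
        toward_root = None if is_root else min(
            peers, key=lambda p: (cost[p[0]] + p[1], bridges[p[0]]))[0]
        for peer, _ in peers:
            if peer == toward_root:
                roles[(name, peer)] = "root"
            elif (cost[name], bridges[name]) < (cost[peer], bridges[peer]):
                # Lower cost to root wins the segment; equal cost: lower bridge ID.
                roles[(name, peer)] = "designated"
            else:
                roles[(name, peer)] = "blocked"
    return roles


if __name__ == "__main__":
    for label, bridges, links in (("original", BRIDGES, LINKS),
                                  ("with E", BRIDGES_WITH_E, LINKS_WITH_E)):
        print(label, "root:", root_bridge(bridges))
        for port, role in sorted(port_roles(bridges, links).items()):
            print("  port on %s toward %s: %s" % (port[0], port[1], role))
```

In the original topology C's port toward D is the only blocked port, matching the slide; with E added, B and C tie at cost 20 and the lower bridge ID decides the B-C segment.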


STP in Action: State 3 — Listening State

[Figure: a bridge/switch port in the listening state and its handling of forwarded traffic, BPDUs and NM messages]

After STP has determined that the port will participate in frame forwarding, it puts the port into the listening state.

While in the listening state, the port does the following:

Discards any frames it receives from an attached Ethernet segment

Discards any frames another port on the bridge/switch passes to it to forward

Does not update the FDB when it receives updated BIDs

Receives and processes BPDUs both from the link and from the bridge/switch

Receives and processes network management traffic


STP in Action: State 4 — Learning State

[Figure: a bridge/switch port in the learning state and its handling of forwarded traffic, BPDUs and NM messages]

Learning is the state that a port enters just before getting ready to participate in frame forwarding. The primary function is to incorporate MAC addresses in the FDB.

In the learning state, the port does the following:

Discards frames received from an attached segment

Discards frames received from another port for forwarding

Updates its FDB with new address information

Receives and processes BPDUs both from the link and from the bridge/switch

Receives and processes network management traffic


STP in Action: State 5 — Final Forwarding Paths

[Figure: final forwarding paths between root switch A and leaf switches B, C and D, with Host A and Host B attached. Link path costs: 2, 10, 10 and 10.]

A port in the forwarding state forwards frames. It enters this state from the learning state.

While in the forwarding state, the port does the following:

Forwards any frames that it receives from an attached Ethernet segment

Forwards any frames that another port in the bridge/switch passes to it to forward

Updates the FDB when it receives updated BIDs

Receives and processes BPDUs both from the link and from the bridge/switch

Receives and processes network management traffic

BPDUs are sent from the root to all the nodes, including the PCs, i.e., Host A and Host B.


STP in Action: Topology Changes

After spanning tree has converged, only a change in topology causes the algorithm to be run again. Topology change occurs when:

A switch moves a port from blocking into the forwarding state

A switch moves a port from the forwarding/learning state into the blocking state

The switch will generate a TCN BPDU (no data) out of its root port towards the root

Every other switch on the way to the root will relay the TCN BPDU out its root port and send an acknowledgment to the sending switch

Root responds with a TC flag set in its BPDU towards the downstream switches

A topology change occurs when a switch either moves a port into the Forwarding state or moves a port from the Forwarding or Learning states into the Blocking state. In other words, a port on an active switch comes up or goes down. The switch sends a TCN BPDU out its Root Port so that, ultimately, the Root Bridge receives news of the topology change.

The switch continues sending TCN BPDUs every Hello Time interval until it gets an acknowledgment from its upstream neighbor. As the upstream neighbors receive the TCN BPDU, they propagate it on toward the Root Bridge and send their own acknowledgments. When the Root Bridge receives the TCN BPDU, it also sends out an acknowledgment. However, the Root switch sets the Topology Change flag in its Configuration BPDU, which is relayed to every other switch in the network. This is done to signal the topology change and cause all other bridges to shorten their bridge table aging times from the default (300 seconds) to only the Forward Delay value (default 15 seconds).

This condition causes the learned locations of MAC addresses to be flushed out much sooner than they normally would, easing the bridge table corruption that might occur because of the change in topology. However, any stations that actively are communicating during this time are kept in the bridge table. This condition lasts for the sum of the Forward Delay and the Max Age (default 15 + 20 seconds).


STP in Action — Topology Change (Breaking a Link)

[Figure: root switch A and leaf switches B, C and D, with Host A and Host B attached; link path costs 2, 10, 10 and 10. Labels shown: "Wait 20 seconds (Max age time)", BPDUs, and "I am the new root".]

Given the topology above, the following actions occur when the link between switches A and D has loss of traffic.

1. BPDUs are sent by the root bridge every 2 seconds.

2. When the link between A and D breaks, the root port on D will wait for the maximum age time (20 seconds) before deciding that the path between D and A is no longer operational.

3. During the maximum age time, the BPDUs received at C’s blocked port from D are discarded because C considers these BPDUs to be inferior.

4. After the maximum age time, D thinks it’s the new root and advertises the new BPDUs to C


STP in Action — Topology Change (Breaking a Link)

[Figure: root switch A and leaf switches B, C and D after the link break, with Host A and Host B attached; link path costs 2, 10 and 10. Labels shown: BPDUs, "Listen (15 seconds)" and "Learn (15 seconds)".]

Given the topology above, the following actions occur when the link between switches A and D has loss of traffic.

1. Switch C receives the BPDUs from D’s designated port and realizes that D’s path to the root switch A is broken. C has a better view to the root A.

2. Switch C then cycles the blocked port to D through listening states when it relays bridge A’s BPDUs to D.

3. Switch D obtains A’s BPDU from C and converts the port into a root port, since this is its only path to root A, and enters the listening state.

4. Switch C and D’s ports then go through the learning state when data frames are now forwarded and MAC learning takes place.

The total time required for convergence is:

Max Age Time + Listening + Learning = 20 + 15 + 15 = 50 seconds


STP in Action — Topology Change (Breaking Link; Port disable)

[Figure: root switch A and leaf switches B, C and D, with Host A and Host B attached; link path costs 2, 10, 10 and 10. TBPDUs are shown on the links.]

Given the topology above, the following actions occur when the port on D is disabled

Switch A and D will detect a port down since the port on D is explicitly disabled

Switch D will remove its best BPDU it received from Switch A since its root port to A is down

Switch D will normally try to send a TCN BPDU out of its root port but since its root port is down, will not do so

Because its designated port is down, Switch A will send a TBPDU (BPDU with T bit set) out of its other designated port


STP in Action — Topology Change (Breaking a Link; Port Disable)

[Figure: root switch A and leaf switches B, C and D after the port is disabled, with Host A and Host B attached; link path costs 2, 10 and 10. Labels shown: BPDUs, "Listen (15 seconds)" and "Learn (15 seconds)".]

Given the topology above, the following actions occur when the link between switches A and D suffers a loss of traffic:

Switch A, being the root, will generate a BPDU with the T bit set down to switches B, C and D.

Switch C does not receive any BPDUs from D and will now transition its blocked port to a designated port, going through the listening and the learning stages before setting it to forwarding.

The total time required for convergence is:

Max Age Time + Listening + Learning = 15 + 15 = 30 seconds


STP in Action — Topology Change (Adding a Switch)

[Figure: existing switches A, B, C and D with Host A and Host B, plus new switch E. Labels: Root, Leaf, New Root, New Leaf, Path Cost 2, Path Cost 10, BPDU arrows. Bridge labels: Priority - 16, MAC - 00-80-21-00-00-05; Priority - 16, MAC - 00-80-21-00-00-00. Captions: New switch E added; New BPDUs sent.]

What happens when a new switch is added to the existing topology?

In the figure above, a new switch E is added to the top right of the existing topology. This switch has a lower MAC address than the current root. The following actions occur:

1. As soon as switch E starts, it thinks that it is the root and advertises BPDUs to neighboring switches A and D.

2. Switch A also sends BPDUs to E because A is still the root in the original topology.

3. Because E has a lower MAC address than A and its root bridge priority is the same as that of A, E becomes the new root and starts advertising BPDUs to all other switches in the topology.

Note: In the figure above, the link between switch A and D no longer exists once switch E is added.


STP in Action — Topology Change (Adding a Switch)

[Figure: switches A, B, C, D and E with Host A and Host B. Labels: Root, Leaf, Path Cost 2, Path Cost 10, Cost to Root 10, Cost to Root 10, Cost to Root 20, Cost to Root 22, Cost to Root 20, Listen (15 seconds), Learn (15 seconds). Captions: Re-calculating topology; New blocked port.]

1. All other switches in the topology set their ports to the listening state followed by the learning state, in which no data traffic is forwarded.

2. After all BPDUs have converged and the roots and designated ports have been assigned, the switches transition their ports from the listening state to the learning state.


STP in Action — Topology Change (Path Cost Change)

[Figure: switches A, B, C and D with Host A and Host B. Labels: Root, Leaf, Path Cost 10, Path Cost 2, New Path Cost 2, Path Cost Change.]

In the figure above, the path between switches C and D is now the better path because the port costs between C and D are changed from 10 to 2.


STP in Action — Topology Change (Path Cost Change)

[Figure: switches A, B, C and D with Host A and Host B. Labels: Root, Leaf, Path Cost 10, Path Cost 2, Path Cost Change, BPDU arrows. Caption: Switch C receives BPDU with new costs.]

In the figure above, the path between switches C and D is now the better path because the port costs between C and D are changed from 10 to 2.

Switch C will now get BPDUs from the root A with different cumulative costs.


STP in Action — Topology Change (Path Cost Change)

[Figure: switches A, B, C and D with Host A and Host B. Labels: Root, Leaf, Path Cost 10, Path Cost 2, Path Cost Change, Cost to Root 0, Cost to Root 10, Cost to Root 12, Cost to Root 20, Cost to Root 10, Listen (15 seconds), Learn (15 seconds). Caption: Topology changed.]

In the figure above, the path between switches C and D is now the better path because the port costs between C and D are changed from 10 to 2.

The following actions occur:

1. Upon receiving BPDUs from the root A via B and D, switch C realizes that the cumulative cost to the root has changed. It will therefore switch both its ports to the listening and the learning state.

2. It will then decide that the cumulative cost to root A via B is more than the cumulative cost to root A via D.

3. The ports between C and D change to the forwarding state and the ports between B and C are now blocked.


Spanning Tree Exercise

Highlight the steps that will ensure that Switch D is added to the existing Bridge topology using STP

[Figure: switches A, B, C and D joined by links each labelled 10. Bridge labels, in the order they appear: Priority - 16, MAC - 00-80-21-00-00-10; Priority - 16, MAC - 00-80-21-00-00-20; Priority - 16, MAC - 00-80-21-00-00-30; Priority - 16, MAC - 00-80-21-00-00-40.]

Steps to add Switch D to the existing Topology

1) Ports on switch D initialize on startup, D thinks it’s the root and

2) BPDUs are sent on each of the two ports and received from switches B and C simultaneously. Since a new port facing D has been turned on switches B and C,

3) Both B and C will send a TCN BPDU to the root out of their respective root ports and they will also forward A’s BPDU to the new switch D

4) Switch D upon receiving A’s BPDU realizes that it cannot be the root since A has a lower MAC address. It now has to transition both of its ports into designated ports

5) Switch D now obtains A’s BPDU from both B and C and therefore has to make a decision as to which port it needs to block.

6) Since both ports on D are equal cost away from the root, D examines the sender bridge’s id i.e. MAC address of B and MAC address of C in the BPDUs.

7) B’s MAC address is smaller, therefore D will block its port towards C. It will then transition its port towards B as a root port and go into the listening state.

8) In the meantime the TCN BPDU generated by B and C towards the root, will be acknowledged by the root A setting the TCA bit on its timely BPDU configuration messages

9) All switches upon receiving this BPDU will set their MAC database flush timer to 15 seconds from the original 300 seconds

10) The root port on D will now go into the learning state after the listening state where it will now receive all the end station data and finally the STP topology is converged
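The election and tie-break that this exercise walks through, as an added Python example (it is not part of the student guide). The four-link wiring (A-B, A-C, B-D, C-D at cost 10) and the assignment of the four MAC labels to A, B, C and D in that order are assumptions consistent with the steps; the final check in the usage note refers to the two bridge IDs from the earlier "Adding a Switch" figure.

```python
# Added example: STP root election, cost-to-root and port roles.
# Assumption: bridge IDs are (priority, MAC) and the numerically lowest wins.

def bridge_id(priority: int, mac: str) -> tuple:
    """Comparable bridge ID: priority first, MAC address as the tie-break."""
    return (priority, bytes.fromhex(mac.replace("-", "")))

# Bridge labels from the exercise figure (mapping to A..D is an assumption).
BRIDGES = {
    "A": bridge_id(16, "00-80-21-00-00-10"),
    "B": bridge_id(16, "00-80-21-00-00-20"),
    "C": bridge_id(16, "00-80-21-00-00-30"),
    "D": bridge_id(16, "00-80-21-00-00-40"),
}
# Assumed wiring: (switch, switch, path cost).
LINKS = [("A", "B", 10), ("A", "C", 10), ("B", "D", 10), ("C", "D", 10)]


def elect_root(bridges: dict) -> str:
    """The switch with the lowest bridge ID becomes the root."""
    return min(bridges, key=bridges.get)


def root_costs(root: str, links: list) -> dict:
    """Cumulative cost to the root, relaxed hop by hop as BPDUs are relayed."""
    cost = {root: 0}
    changed = True
    while changed:
        changed = False
        for a, b, c in links:
            for near, far in ((a, b), (b, a)):
                if near in cost and cost[near] + c < cost.get(far, float("inf")):
                    cost[far] = cost[near] + c
                    changed = True
    return cost


def port_roles(bridges: dict, links: list):
    """Return (root, cost-to-root, {(switch, neighbour): role})."""
    root = elect_root(bridges)
    cost = root_costs(root, links)

    # Root port: lowest cumulative cost, then lowest sender bridge ID.
    root_port = {}
    for sw in bridges:
        if sw == root:
            continue
        candidates = []
        for a, b, c in links:
            if sw in (a, b):
                nbr = b if sw == a else a
                candidates.append((cost[nbr] + c, bridges[nbr], nbr))
        root_port[sw] = min(candidates)[2]

    roles = {}
    for a, b, _ in links:
        for sw, nbr in ((a, b), (b, a)):
            if root_port.get(sw) == nbr:
                roles[(sw, nbr)] = "root"
            elif (cost[sw], bridges[sw]) < (cost[nbr], bridges[nbr]):
                # This end advertises the better BPDU onto the segment.
                roles[(sw, nbr)] = "designated"
            else:
                roles[(sw, nbr)] = "blocked"
    return root, cost, roles


if __name__ == "__main__":
    root, cost, roles = port_roles(BRIDGES, LINKS)
    print("root:", root)
    print("cost to root:", cost)
    for (sw, nbr), role in sorted(roles.items()):
        print(f"{sw} port towards {nbr}: {role}")
```

Calling `elect_root` with A at priority 16, MAC 00-80-21-00-00-05 and E at priority 16, MAC 00-80-21-00-00-00 returns E, which is why a newly attached switch with a lower bridge ID displaces the existing root.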


Ethernet Overview

Section 3 — Rapid Spanning Tree


What is RSTP?

What is RSTP?
- Stands for rapid spanning tree protocol
- An evolution to the loop prevention algorithm (STP) from 802.1d
- New IEEE specification is 802.1w
- Achieves rapid failover and convergence times
- Unlike STP, RSTP is not timer-based
- Allows backward compatibility with 802.1d STP

Why do we need RSTP?
- Network topology convergence is significantly faster than STP

The major advantage of RSTP over STP is rapid convergence: the network takes less than 5 seconds to converge to a forwarding topology. STP can take up to a minute for a similar-sized network.

RSTP was the natural evolution of STP. As the demands on the network became more critical, the existing STP convergence time was no longer adequate. The terminology used with RSTP remains basically unchanged.

Note that RSTP is disabled by default on all 7750 SR products.


STP vs. RSTP — Port States

STP port state   RSTP port state   Part of active topology   Learning of MAC addresses
Disabled         Discard           No                        No
Blocking         Discard           No                        No
Listening        Discard           No                        No
Learning         Learning          No                        Yes
Forwarding       Forwarding        Yes                       Yes

In STP, the port states were confusing because STP mixed the state of the port (blocking or forwarding traffic) with the role it played in the topology (root port, designated port, or neither).

For example, ports in the blocking state and listening state are operationally similar: they both discard frames and do not learn MAC addresses. In addition, when a port is in the forwarding state, there is no way to infer that it is a root or designated port.


STP vs. RSTP — Port Roles

Role — A new variable assigned to a bridge port

Port state   STP port role (assigned by STP algorithm)   RSTP port role (configurable)
Forwarding   Root                                        Root
Forwarding   Designated                                  Designated
Blocking     Blocked                                     Alternate
Blocking     Blocked                                     Backup

The major difference between STP and RSTP is that the port roles are configurable in RSTP, while in STP they were determined by the algorithm. This adds more time for the network topology to converge in STP when there is a change in the topology due to failure or redesign.

In STP, the port roles were either forwarding or blocking. RSTP is granular when approaching the roles of the ports. The switch is now able to define which forwarding port is a root port or a designated port. The switch can also elect backup and alternate ports for faster recovery from a failure.


Alternate Port

[Figure: a root switch and two downstream switches. Labels: Root, Root Port, Designated Port, Alternate Port, BPDU.]

The alternate and backup ports are blocking ports; however, they have been selected to be the ports that are turned on in the event of a failure. The alternate port resides on a different switch than the designated port.


Backup Port

[Figure: a root switch and two downstream switches. Labels: Root, Root Port, Designated Port, Alternate Port, Backup Port, BPDU.]

The alternate and backup ports are blocking ports; however, they have been selected to be the ports that are turned on in the event of a failure. The backup port resides on the same switch as the designated port.


RSTP BPDU Format

BPDU fields, in frame order:
- Protocol ID (2 bytes)
- Version (1 byte)
- Message type (1 byte)
- Flags (1 byte)
- Root ID (8 bytes)
- Path cost (4 bytes)
- Bridge ID (8 bytes)
- Port ID (2 bytes)
- Message age (2 bytes)
- Maximum age (2 bytes)
- Hello time (2 bytes)
- Forwarding delay (2 bytes)
- Version 1 length (2 bytes)

Figure annotations: Configurable; Configurable on root bridge

Flags field:
- Bit 0 – Topology change
- Bit 1 – Proposal
- Bit 2, 3 – Port role (0 0 Unknown, 0 1 Alternate/backup, 1 0 Root, 1 1 Designated)
- Bit 4 – Learning
- Bit 5 – Forwarding
- Bit 6 – Agreement
- Bit 7 – Topology change ACK

In the slide above, only the shaded fields have been changed to support RSTP. As shown, the major change is with the Flags field. In STP, only bits 0 and 7 were identified. RSTP now makes full use of the entire octet.

The message type is now 2, and the version is 2 (this allows 802.1w bridges to detect legacy 802.1d bridges).
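A decoder for the fields and flag bits listed above, as an added Python example (not code from the student guide). It reads the fixed fields from Protocol ID through Forwarding delay and leaves the trailing Version 1 length field unparsed; the protocol ID value 0, the 1/256-second timer units and the sample bytes are taken from the 802.1D/802.1w encoding or constructed here, not from the slide.

```python
import struct

# Port role encoding carried in flag bits 2-3, as listed on the slide.
PORT_ROLES = {0: "unknown", 1: "alternate/backup", 2: "root", 3: "designated"}

# Fixed fields in wire order: protocol ID, version, message type, flags,
# root ID, path cost, bridge ID, port ID, then the four 2-byte timers.
_FIXED = struct.Struct("!HBBB8sI8sHHHHH")


def decode_flags(flags: int) -> dict:
    """Split the RSTP flags octet into its named bits."""
    return {
        "topology_change": bool(flags & 0x01),      # bit 0
        "proposal": bool(flags & 0x02),             # bit 1
        "port_role": PORT_ROLES[(flags >> 2) & 3],  # bits 2-3
        "learning": bool(flags & 0x10),             # bit 4
        "forwarding": bool(flags & 0x20),           # bit 5
        "agreement": bool(flags & 0x40),            # bit 6
        "topology_change_ack": bool(flags & 0x80),  # bit 7
    }


def decode_bridge_id(raw: bytes) -> dict:
    """8-byte ID: 2-byte priority followed by the 6-byte MAC address."""
    return {
        "priority": int.from_bytes(raw[:2], "big"),
        "mac": "-".join(f"{b:02x}" for b in raw[2:]),
    }


def parse_bpdu(data: bytes) -> dict:
    """Decode the fixed part of a BPDU and say whether it is RSTP."""
    if len(data) < _FIXED.size:
        raise ValueError(f"truncated BPDU: {len(data)} of {_FIXED.size} bytes")
    (proto, version, msg_type, flags, root, cost, bridge, port,
     msg_age, max_age, hello, fwd_delay) = _FIXED.unpack_from(data)
    if proto != 0:
        raise ValueError(f"unexpected protocol ID {proto:#06x}")
    # Version 2 with message type 2 marks an 802.1w BPDU; anything else is
    # treated as legacy 802.1d, where only flag bits 0 and 7 are defined.
    rstp = version == 2 and msg_type == 2
    return {
        "rstp": rstp,
        "version": version,
        "message_type": msg_type,
        "flags": decode_flags(flags if rstp else flags & 0x81),
        "root": decode_bridge_id(root),
        "path_cost": cost,
        "bridge": decode_bridge_id(bridge),
        "port_id": port,
        # Timers are carried in units of 1/256 second.
        "message_age": msg_age / 256,
        "max_age": max_age / 256,
        "hello_time": hello / 256,
        "forward_delay": fwd_delay / 256,
    }


def sample_rstp_bpdu() -> bytes:
    """Constructed sample: a designated, learning and forwarding port."""
    root = (16).to_bytes(2, "big") + bytes.fromhex("008021000000")
    sender = (16).to_bytes(2, "big") + bytes.fromhex("008021000005")
    return _FIXED.pack(0, 2, 2, 0x3C, root, 10, sender, 0x8001,
                       1 * 256, 20 * 256, 2 * 256, 15 * 256)


if __name__ == "__main__":
    for field, value in parse_bpdu(sample_rstp_bpdu()).items():
        print(f"{field}: {value}")
```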


STP vs. RSTP — BPDUs

BPDU handling
- STP: Non-root bridge only transmits BPDUs when it receives one on the root port
- RSTP: Bridge sends BPDU at hello time intervals

Aging
- STP: BPDU is aged after the max-age timer expires (and no BPDU is received on the port)
- RSTP: BPDUs are used like keepalive messages (after 3 BPDUs in a row are missed it ages it out)

Accepting inferior BPDUs
- STP: -
- RSTP: Inferior BPDU is accepted and previously stored information may be replaced

Transition to forwarding state
- STP: Based on timers (Forward Delay and Max-Age)
- RSTP: Uses a feedback mechanism (no timers involved)

BPDU handling — In STP, a non-root bridge only generates a BPDU when it receives one on its root port. This is time-consuming, as it makes bridges BPDU relayers rather than generators. In RSTP, each bridge sends BPDUs at hello time intervals, which greatly improves BPDU handling efficiency.

Aging — In RSTP, due to the way BPDUs are now handled, they can serve as keepalive timers from bridge/switch to bridge/switch. If 3 BPDUs are missed in a row, the bridge/switch considers either the direct neighbor or the designated bridge/switch as unreachable. This results in much faster failure detection.

In STP, this would not be possible, and if the max age expires, the neighbor cannot be assumed to be down. It would only indicate that somewhere along the path from the port with the max age expired to the root bridge/switch, there is a failure.

Accepting inferior BPDUs — This concept is new to RSTP and does not exist in STP. Inferior BPDUs are control information received on a switch that is older than the control information stored on the switch. Accepting inferior information from the designated or root bridge/switch means that the network can recover far more quickly from topology failures.

Transition to forwarding state — This RSTP feature is the key factor in the improvement of topology convergence. This topic is covered in more detail on the next slide.


STP vs. RSTP — Topology

Topology change
- STP: First sent to root bridge/switch, then relayed from root all the way to the leaf bridge/switch
- RSTP: 1-step process (topology change flooded quickly across the network)

Topology ACKs
- STP: Replies with BPDU with TCA bit set
- RSTP: No acknowledgement (clears MAC addresses on all ports)

Topology change notification
- STP: Sends TCN BPDUs toward root
- RSTP: Sends BPDUs (with TC bit set) on all designated and root ports


RSTP Operation

[Figure: two views of a topology of switches A to I. Labels: Root, RP, DP, AP, BPDU arrows, "3 BPDUs missing", "BPDU exchange", "BPDU with TC bit set".]

1. The link between C and E breaks

2. E doesn’t get 3 BPDUs in a row and realizes that its port to the root is broken

3. C also realizes that it hasn’t received 3 BPDUs in a row from E and concludes that there must be a topology change between C and E

4. It generates a BPDU with TC bit set and floods this out its root port. Switch B receives this BPDU and sends it out all its forwarding ports

5. All switches receiving this BPDU with the TC bit set send it out of all their forwarding ports

6. E now thinks it’s a root since it doesn’t process any BPDUs received from D. It then transitions its port to D into the forwarding state

7. It exchanges BPDUs with D, indicating to D that it is the root

8. D replies back with a BPDU indicating that it knows of a better root which is A

9. E then changes its port into a root port


Ethernet Overview

Section 4 — Virtual LAN


Switches and VLANs

- A VLAN permits a group of ports to share a common broadcast domain regardless of physical location.
- A VLAN can reside on 1 switch or on many switches.
- Each VLAN is identified by a VLAN ID.
- Devices in different VLANs can only communicate with each other if the frame is first sent to a layer 3 device (a router).

On the 7750 SR and 7450 ESS there is no default VLAN for all ports to join. Other types of switches may have a default VLAN for ports that are not assigned to a particular VLAN.


Why VLANs?

[Figure: graph of broadcast traffic as a percentage of network capacity against network nodes, with one curve for flat networks and one for hierarchical networks.]

There are two main reasons for the development of VLANs: the amount of broadcast traffic and increased security.

Broadcast traffic increased in direct proportion to the number of stations in the LAN. The goal of the VLAN is the isolation of groups of users so that one group is not interrupted by the broadcast traffic of another.

VLANs also have the benefit of added security by separating the network into distinct logical networks. Traffic in one VLAN is separated from another VLAN as if they were physically separate networks. If traffic is to pass from one VLAN to another, it must be routed.


How Do VLANs Work?

[Figure: one Ethernet switch divided into three internal switches, for VLAN 101, VLAN 102 and VLAN 103, with Ports 1, 2, 3, 5, 6 and 7 attached.]

In the figure above, VLANs subdivide the Ethernet switch into multiple switches. Note that there are no logical interconnections between these internal switches. Therefore, the broadcast traffic that is generated by a host in a VLAN stays within that VLAN, making the VLAN its own broadcast domain. Because broadcast traffic for a particular VLAN remains within that VLAN’s borders, inter-VLAN or broadcast domain communication must occur through a layer 3 device such as a router.

Hosts are not VLAN-aware, and therefore no 802.1q configuration is required on the hosts. The VLAN configuration is done within the switch and ports are assigned on a VLAN-by-VLAN basis.


VLAN Exercise

Host 1 sends out a broadcast. Which hosts will receive the broadcast?

[Figure: Switch 1 with Host 1, Host 2, Host 3 and Host 4 attached. Port labels: VLAN 101 (two ports) and VLAN 102 (two ports). Broadcast arrows.]

In the figure above, Host 1 sends out a broadcast. Because Host 4 is the only other member of the VLAN, it is the only host to receive the broadcast.

The FDB entries behave much the same way in the VLAN model as they do in the switch model: they are updated based on the source address. In the figure above, the source address of the broadcast frame is only learned by VLAN 101. VLAN 102 will not know the source address of Host 1 after Host 1 transmits its broadcast packet. Therefore, in a VLAN environment, a separate FDB is kept for each VLAN. In the example above, this means that VLAN 101 will never learn about Host 3 or Host 2 unless it is manually configured or interconnected at layer 3.


VLANs across Multiple Switches

[Figure: Switch 1, Switch 2 and Switch 3 carrying VLAN 101, VLAN 102 and VLAN 103.]

The standard that governs VLAN identification between switches (also known as tagging) is 802.1q.

This standard stipulates that a 4-octet header/tag be inserted in the Ethernet frame between the source address and the type/length fields.

Tags are the key component that allows 802.1q to function, and they are the method with which Ethernet frames can be associated with a VLAN segment.


VLANs over Multiple Switches

[Figure: Switch 1 and Switch 2, each holding a MAC FDB for VLAN 101, VLAN 102 and VLAN 103, connected by separate physical interfaces for VLAN 101, VLAN 102 and VLAN 103.]

The sharing of VLANs between switches is achieved by the insertion of a header with a 12-bit VID, which allows for 4094 possible VLAN destinations for each Ethernet frame.

A VID must be assigned for each VLAN. Assigning the same VID to VLANs on different connected switches can extend the VLAN (broadcast domain) across a network.

The 802.1q standard works by inserting a 32-bit VLAN header into the Ethernet frame of all network traffic of the VLAN. The VID uses 12 bits of the 32-bit VLAN header. The switch then uses the VID to determine which FDB it will use to find the destination. After a frame reaches the destination switch port, the VLAN header is removed.


VLAN Trunking

[Figure: Switch 1 and Switch 2, each holding a MAC FDB for VLAN 101, VLAN 102 and VLAN 103, connected by one link carrying VLAN 101, VLAN 102 and VLAN 103.]

VLAN trunking provides efficient inter-switch forwarding of VLAN frames. In the previous example, each VLAN required its own inter-switch connections to forward frames from one switch to another.

VLAN trunking allows a single Ethernet port to carry frames from multiple VLANs. This allows the use of a single high-bandwidth port, such as a gigabit Ethernet port, to carry the VLAN traffic between switches instead of multiple fast Ethernet ports.

VLANs are separated within the trunk based on their VLAN IDs (Q tags). The FDB at the destination switch designates the destination VLAN for the traffic on the VLAN trunk.


VLAN Tagging

802.1q Ethernet Frame

Frame fields, in order: Pre-amble, SFD, DA, SA, VLAN tag, Length/Type, Payload (46 to 1500 bytes), FCS

VLAN tag:
- 802.1q tag type (value 81 00): 2 bytes
- Tag control information: 2 bytes
  - User_priority: 3 bits
  - CFI: 1 bit (Canonical format: bit ordering can be different)
  - VLAN_ID: 12 bits

Length of the MAC frame + 4 bytes

The VLAN header can be broken down into two parts: the VLAN tag type and the tag control information.

The tag type is a fixed value that is an indicator of a VLAN tag. It indicates that the Length/Type field can be found a further 4 bytes into the frame. Because the frame is a Q-tag frame and is longer, it needs to indicate that the Length/Type field is offset from the traditional location by 4 bytes.

The tag control information has three parts:

Priority value — A 3-bit value that specifies a frame’s priority.

CFI — A single bit. A setting of 0 means that the MAC address information is in its simplest form. Currently no other value is supported.

VID — A 12-bit value that identifies the VLAN that the frame belongs to. If the VID is 0, the tag header contains only priority information.


VLAN Stacking — More VLANs

[Figure: CE devices at two sites each for Customer 1, Customer 2 and Customer 3 (VLAN 10-300 at every site) connected through two PE devices. Provider tags at the PE: Customer 1 VLAN 20, Customer 2 VLAN 200, Customer 3 VLAN 35. Frames are shown as data plus customer tag 10-300 on the customer side, and as data plus customer tag 10-300 plus provider tag 20, 200 or 35 between the PEs.]

A restriction of Ethernet VLANs is the limited number of VIDs. With 12 bits used to define the VID, there are only 4096 possibilities. Because VLAN 0 and 4095 are reserved, the PE is really only capable of supporting 4094 VLANs — not a significant number if it is compared with the expanding rates of networks.

One of the solutions to this restriction is VLAN stacking, also known as Q-in-Q. VLAN stacking allows the service provider to use layer 2 protocols to connect customer sites. In the figure above, 3 customers are connected through a common switch using VLAN stacking.

At the PE, the administrator has assigned a VLAN to represent the customer on that port. When the customer’s traffic arrives at the PE device, the PE switch simply inserts another VLAN tag in the frame. It is this second or stacked VLAN tag that takes the customer’s traffic through the provider’s network. At the egress port of the PE equipment, the second or stack VLAN tag is removed and the traffic forwarded out the port.

This allows Customers 1, 2, and 3 to use the same VLAN tags in their network. In theory, the service provider can support 4094 customers, with each customer supporting 4094 VLANs within their network.


VLAN Stacking — More VLANs (continued)

[Figure: two frames. Customer frame: DA, SA, VLAN tag (Customer VLAN Tag 100), Length/Type, Payload (46 to 1500 bytes), FCS. Provider frame: DA, SA, VLAN tag (Providers VLAN Tag 20), VLAN tag (Customer VLAN Tag 100), Length/Type, Payload (46 to 1500 bytes), FCS.]

In the figure on the previous slide, Customer 1 has sent a frame to the PE switch with a VLAN tag of 100. The PE switch inserts a second VLAN tag of 20. This tag number represents Customer 1 traffic. The second tag keeps Customer 1 traffic separate from Customer 2 and 3 traffic and gives Customer 1 the ability to add 4095 more associated VLANs.

The VLAN tag that is inserted by the provider is the VLAN tag that is used in the provider network. When the frame has reached the appropriate egress port, the provider’s VLAN tag is removed and the frame with the customer’s VLAN tag is forwarded out the egress port.
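The tag layout from the VLAN Tagging slide and the push and pop of the provider tag described above, as an added Python example (not code from the student guide). The MAC addresses, payload and the egress check that the outer tag matches the customer port are constructed assumptions; both tags use the tag type 81 00 shown on the slide, and the frames omit preamble and FCS.

```python
import struct

TPID_8021Q = 0x8100  # "802.1q tag type (value 81 00)" from the frame slide
MAC_HDR = 12         # DA (6 bytes) + SA (6 bytes); tags follow immediately


def build_tag(vid: int, priority: int = 0, cfi: int = 0) -> bytes:
    """4-byte tag: tag type, then TCI = priority(3) | CFI(1) | VID(12)."""
    if not 0 <= vid <= 0xFFF or not 0 <= priority <= 7 or cfi not in (0, 1):
        raise ValueError("tag field out of range")
    tci = (priority << 13) | (cfi << 12) | vid
    return struct.pack("!HH", TPID_8021Q, tci)


def push_tag(frame: bytes, vid: int, priority: int = 0) -> bytes:
    """Insert a tag between the source address and whatever follows it."""
    return frame[:MAC_HDR] + build_tag(vid, priority) + frame[MAC_HDR:]


def parse_frame(frame: bytes) -> dict:
    """Walk the tag stack (outermost first), then read Length/Type."""
    offset, tags = MAC_HDR, []
    while True:
        if len(frame) < offset + 2:
            raise ValueError("frame truncated before Length/Type")
        (value,) = struct.unpack_from("!H", frame, offset)
        if value != TPID_8021Q:
            break
        if len(frame) < offset + 4:
            raise ValueError("frame truncated inside a VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        tags.append({"priority": tci >> 13,
                     "cfi": (tci >> 12) & 1,
                     "vid": tci & 0xFFF})
        offset += 4
    return {"tags": tags, "length_type": value, "payload": frame[offset + 2:]}


def pe_ingress(frame: bytes, provider_vid: int) -> bytes:
    """PE ingress: stack the provider tag on top of the customer's frame."""
    return push_tag(frame, provider_vid)


def pe_egress(frame: bytes, provider_vid: int) -> bytes:
    """PE egress: remove the provider tag, but only if it is this customer's."""
    tags = parse_frame(frame)["tags"]
    if not tags or tags[0]["vid"] != provider_vid:
        raise ValueError("outer tag does not match this customer port")
    return frame[:MAC_HDR] + frame[MAC_HDR + 4:]


def customer_frame(vid: int) -> bytes:
    """Constructed sample frame carrying one customer tag."""
    da = bytes.fromhex("008021000002")
    sa = bytes.fromhex("008021000001")
    untagged = da + sa + struct.pack("!H", 0x0800) + b"\x00" * 46
    return push_tag(untagged, vid)


if __name__ == "__main__":
    cust1 = customer_frame(100)           # Customer 1, customer VLAN tag 100
    core1 = pe_ingress(cust1, 20)         # provider tag 20 for Customer 1
    core2 = pe_ingress(customer_frame(100), 200)  # Customer 2, same VLAN 100
    print([t["vid"] for t in parse_frame(core1)["tags"]])
    print([t["vid"] for t in parse_frame(core2)["tags"]])
    print(pe_egress(core1, 20) == cust1)
```

Two customers that both use VLAN 100 stay apart in the provider network because their frames differ in the outer tag, which is the only tag the provider switches forward on.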


Ethernet Overview

Section 5 — Multiple Spanning Tree Protocol


Multiple Spanning Tree Protocol (MSTP)

- What is MSTP?
- Why do we need MSTP?
- Differences: MSTP vs. STP
- Where to use MSTP

Example


Multiple Spanning Tree Protocol

What is MSTP?
- An IEEE standard that allows more than one instance of STP
- A natural progression from RSTP, introduced in 2003 as part of 802.1s

Why do we need MSTP?
- Allows load balancing of network between different sets of VLANs
- Allows a set of VLANs to run a single instance of the spanning tree while another set runs another instance of the spanning tree
- Some early versions of MSTP, before 802.1s, used a single STP instance per VLAN, which was very CPU-intensive. MSTP lowers CPU usage in these instances.
- Reduces overhead of BPDUs, as otherwise they're sent for every VLAN
- Interoperability
- Scalability


Standard STP

[Figure: Switch A (Root) with Switch B and Switch C (Leaf); VLAN 1-500 and VLAN 501-1000 share one spanning tree. Port legend: D - Designated, R - Root, A - Alternate.]

In a common spanning tree, all VLANs are mapped to the same spanning tree instance. This leads to under-utilized links and possible communication interruptions.


MSTP

[Figure: Switch A, Switch B and Switch C with separate port roles for VLAN 1-500 and for VLAN 501-1000. Port legend: D - Designated, R - Root, A - Alternate.]

With MSTP, each VLAN or range of VLANs is mapped to a separate instance of STP. This allows for better utilization of the network. As shown in the figure above, MSTP permits multiple root switches in a network. In one instance of the spanning tree a port may be blocking, but another instance may use that port for forwarding.

Module Summary

Provided an overview of Ethernet and the various types of Ethernet frames
Discussed the operation of an Ethernet switch and how MAC addresses are dynamically learned
Discussed the concept and reasons behind STP
Compared STP and RSTP
Discussed the concepts of VLANs and why they are used
Discussed VLAN stacking and why it is used
Discussed the use of MSTP and how it can be used with VLANs

Learning Assessment

1. What is the purpose of using a spanning tree protocol?
A. Prevent routing loops
B. Maintain redundant paths in a switched environment
C. Build forwarding tables
D. Prevent switching loops

2. The forwarding port leading away from the root bridge is known as what?
A. Backup port
B. Designated port
C. Root port
D. Alternate port

3. When would it be appropriate to use the multiple spanning tree protocol?
A. When using VLANs
B. In a simple switched network
C. When crossing broadcast domains

Learning Assessment (continued)

4. How is the root bridge/switch selected?
A. Election process using the highest bridge ID
B. Election process using the lowest bridge ID
C. Election process based on the port priority
D. Election process based on the port MAC address

5. When would CSMA/CD be invoked?
A. When multiple hosts share the same medium
B. When a single host is directly connected to a single switch port
C. CSMA/CD is no longer used

6. What is the primary difference between STP and RSTP?
A. Basically the same except RSTP is easier to install
B. STP uses the concept of backup and alternate ports
C. RSTP uses the concept of backup and alternate ports

www.alcatel-lucent.com

3HE-02767-AAAA-WBZZA Edition 01

Alcatel-Lucent Scalable IP Networks

Module 4 — IP Overview

Module Objectives

After successful completion of this module, you should be able to:

Discuss the concept of IP address classes
Calculate IP subnets
Calculate variable length subnet masks
Discuss the concept of CIDR
Discuss the value of route summarization
Calculate routing entries as a result of route summarization
Conduct basic network design
Configure and verify layer 3 interfaces on the 7750 SR and 7450 ESS switches

IP Addressing

Section 1 — IPv4 address

Internet Protocol

Packet-based protocol used to exchange information
Equivalent to the OSI network layer
Provides addressing, fragmentation, reassembly, and protocol demultiplexing
Enables the routing of information

The Internet Protocol (RFC 791) provides services that are roughly equivalent to the OSI network layer. IP provides a datagram (connectionless) transport service across the network. This service is sometimes referred to as unreliable because the network does not guarantee delivery or notify the end host system about packets lost due to errors or network congestion. IP datagrams contain a message, or one fragment of a message, that may be up to 65 535 bytes (octets) in length. IP does not provide a mechanism for flow control. This is taken care of by the transport layer.

IP supports a whole range of application protocols, such as ICMP and ARP.

IPv4 Packet

Version — Always set to the value 4, which is the current version of IP

IHL — IP Header Length: Number of 32-bit words forming the header, usually five

ToS, now known as DSCP — Usually set to 0, but may indicate particular QoS needs from the network. The DSCP defines the way routers should queue packets while they are waiting to be forwarded

Size of Datagram — In bytes, the combined length of the header and the data

Identification — 16-bit number that, together with the source address, uniquely identifies this packet; used during the reassembly of fragmented datagrams

Flags — Sequence of three flags (one of the four bits is unused) used to control whether routers are allowed to fragment a packet (i.e., the Don't Fragment [DF] flag), and to indicate the parts of a packet to the receiver

Fragmentation Offset — Byte count from the start of the original sent packet, set by any router that performs IP router fragmentation

Time To Live — Number of hops/links that the packet may be routed over, decremented by most routers (used to prevent accidental routing loops)

Protocol — SAP that indicates the type of transport packet being carried (e.g., 1 = ICMP, 2 = IGMP, 6 = TCP, 17 = UDP)

Header Checksum — 1s complement checksum inserted by the sender and updated whenever the packet header is modified by a router. Used to detect processing errors introduced into the packet inside a router or bridge in which the packet is not protected by a link-layer cyclic redundancy check. Packets with an invalid checksum are discarded by all nodes in an IP network.

Source Address — IP address of the original sender of the packet

Destination Address — IP address of the final destination of the packet

Options — Not normally used, but when used, the IP header length is greater than five 32-bit words to indicate the size of the options field
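The field list above, worked through as an added example (not part of the student guide): a parser that decodes the fixed IPv4 header, rejects malformed IHL and length values, and verifies the 1s complement header checksum, plus a helper that models a router hop decrementing TTL. The function names and the sample header bytes are constructed for illustration.

```python
import ipaddress
import struct

# Protocol numbers named in the field list above.
PROTOCOLS = {1: "ICMP", 2: "IGMP", 6: "TCP", 17: "UDP"}

# Constructed sample: 20-byte header, no options, UDP, TTL 64, DF set,
# 192.168.0.1 -> 192.168.0.199, checksum field 0xB861.
SAMPLE = bytes.fromhex("4500 0073 0000 4000 4011 b861 c0a8 0001 c0a8 00c7")


def ones_complement_sum(data: bytes) -> int:
    """16-bit 1s complement sum over data (padded to an even length)."""
    if len(data) % 2:
        data += b"\x00"
    total = 0
    for (word,) in struct.iter_unpack("!H", data):
        total += word
        total = (total & 0xFFFF) + (total >> 16)  # end-around carry
    return total


def header_checksum(header: bytes) -> int:
    """Value the sender places in the checksum field (computed with it zeroed)."""
    zeroed = header[:10] + b"\x00\x00" + header[12:]
    return ~ones_complement_sum(zeroed) & 0xFFFF


def parse_ipv4_header(packet: bytes) -> dict:
    """Decode the header fields; raise ValueError on a malformed header."""
    if len(packet) < 20:
        raise ValueError("shorter than the minimum 20-byte header")
    (ver_ihl, tos, total_len, ident, flags_frag, ttl, proto, _checksum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    version, ihl = ver_ihl >> 4, ver_ihl & 0x0F
    if version != 4:
        raise ValueError(f"version {version} is not IPv4")
    if ihl < 5:
        raise ValueError(f"IHL {ihl} is below the minimum of five 32-bit words")
    header_len = ihl * 4
    if len(packet) < header_len:
        raise ValueError("IHL points past the end of the captured data")
    if total_len < header_len:
        raise ValueError("total length is smaller than the header length")
    return {
        "header_len": header_len,
        "dscp": tos >> 2,
        "total_len": total_len,
        "identification": ident,
        "dont_fragment": bool(flags_frag & 0x4000),
        "more_fragments": bool(flags_frag & 0x2000),
        "fragment_offset": (flags_frag & 0x1FFF) * 8,  # field counts 8-byte units
        "ttl": ttl,
        "protocol": PROTOCOLS.get(proto, str(proto)),
        "src": str(ipaddress.IPv4Address(src)),
        "dst": str(ipaddress.IPv4Address(dst)),
        "options": packet[20:header_len],
        # A valid header, checksum field included, sums to 0xFFFF.
        "checksum_ok": ones_complement_sum(packet[:header_len]) == 0xFFFF,
    }


def forward(packet: bytes, fix_checksum: bool = True) -> bytes:
    """Model one router hop: decrement TTL and, normally, update the checksum."""
    header_len = (packet[0] & 0x0F) * 4
    header = bytearray(packet[:header_len])
    if header[8] == 0:
        raise ValueError("TTL already zero; the packet would be dropped")
    header[8] -= 1
    if fix_checksum:
        header[10:12] = struct.pack("!H", header_checksum(bytes(header)))
    return bytes(header) + packet[header_len:]


if __name__ == "__main__":
    for label, pkt in (("original", SAMPLE),
                       ("after one hop", forward(SAMPLE)),
                       ("stale checksum", forward(SAMPLE, fix_checksum=False))):
        fields = parse_ipv4_header(pkt)
        print(label, fields["ttl"], fields["checksum_ok"])
```

A receiver that finds `checksum_ok` false discards the packet, which is why the hop that changes TTL must also rewrite the checksum.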

IPv4 Addressing

An IP address is a unique L3 identifier of computers, routers, and devices in an IP network.
The 32-bit address is in dotted-decimal format, with each octet separated by a period.

IP address example: 192.168.2.100

Binary equivalent: 11000000.10101000.00000010.01100100

An IP address is 32 bits long and is in binary format, normally expressed by four decimal numbers. Each decimal number is separated by a dot. This format is called dotted-decimal notation.

The dotted-decimal format divides the 32-bit IP address into four octets of 8 bits each. These octets specify the value of each field as a decimal number, as shown in the slide above.

The range of each octet is from 0 to 255.

IPv4 Addressing (continued)

[Figure: a 32-bit IP address divided into Network Number and Host Number, or equivalently Network Prefix and Host Number.]

The first part of an IP address identifies the network that a host would reside in. The second part of an IP address identifies an individual host inside that network. This creates a two-level hierarchy, as shown in the slide above.

All hosts in a given network share the same network prefix. However, the host numbers must be unique to each host. Conversely, hosts with different network prefixes may share the same host number.

Note: The size of the network/host portions can be adjusted, as shown in the following slides.

IPv4 Address Classes

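[Figure: IPv4 address classes, each 32 bits wide. Class A: leading bit 0, Network in bits 0-7, Host in bits 8-31. Class B: leading bits 10, Network in bits 0-15, Host in bits 16-31. Class C: leading bits 110, Network in bits 0-23, Host in bits 24-31.]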

When addresses were first being assigned, it was decided that, to provide some form of flexibility to support the various sizes of networks that were being implemented, the IP address space be divided into classes.

The classes were defined as Class A, Class B, and Class C. This is referred to as classful addressing because the address space is split into predefined sizes. As shown above, each class defines the boundary between the network and host at a different octet within the 32-bit address.

Class A (1 to 126) — A Class A network has an 8-bit network prefix and, as shown above, the highest-order bit is always set to 0. This allows for a maximum of 128 networks that can be defined; however, 2 out of the 128 networks are reserved. The 0.0.0.0 network is reserved for default routes, and the 127.0.0.0 network is reserved for loopback functions.

Class B (128 to 191) — A Class B network has a 16-bit network prefix and, as shown above, the two highest-order bits are always set to 10. A maximum of 16 384 networks can be defined.

Class C (192 to 223) — A Class C network has a 24-bit network prefix and, as shown above, the three highest-order bits are always set to 110. A maximum of 2 097 152 networks can be defined.

Classes D (224 to 239) and E (240 to 255) — Class D is used for multicast addresses (used in applications such as OSPF), and Class E is used for scientific purposes.

The concept of classes never envisioned the enormous growth of the Internet. Many of the addressing problems can be traced back to this early classification of the IP address space.

Unique IP Addressing

Each node that uses the TCP/IP protocol suite has a unique 32-bit logical IP address.

[Figure: routers interconnecting five networks of hosts. Interface and host addresses shown: 10.0.0.1 and 10.0.0.2; 192.168.0.1 and 192.168.0.2; 172.16.0.1 and 172.16.0.2; 192.10.0.1 to 192.10.0.4; 172.5.0.1 to 172.5.0.4.]

A router’s function is to separate broadcast networks. In the figure above, each router is connected to 2 or 3 networks via 2 or 3 interfaces. Every interface is identified by an IP address. The interfaces in the same network belong to the same network prefix or network class.

There are 5 networks in the figure above:

Class C   192.168.0.0
          192.10.0.0
Class B   172.5.0.0
          172.16.0.0
Class A   10.0.0.0

IP Global Address Assignments

Global addressing is provided by IANA.
Major organizations of the world all have specific address assignments.
Address assignments are available at RFC 1466 http://www.iana.org/assignments/ipv4-address-space.
The Alcatel IP address assignment is 138.120.0.0.
The addresses assigned by IANA are also referred to as public addresses.
In addition, IANA reserves some addresses (referred to as private addresses) to be used in private networks.

Under the current IP addressing scheme (often known as IPv4, eventually to be replaced by IPv6), the address space is divided into two types: public address space and private address space. Understanding the difference is important and useful for a network administrator, especially if your organization is connected to the Internet. All of the public address space (IP addresses) that are routable via the Internet are managed by one of the three RIRs. Each RIR is responsible for a geographic region. (Don't confuse RIRs with the InterNIC [http://www.internic.net] and its designated registrars, such as Network Solutions, Inc. They handle domain name registration, not address registration.)

The IANA distributes IP addresses to the RIRs.

You must request address space, and IANA will either grant or deny your request. Alternatively, you can request the address space from your ISP (who then, in turn, allocates from its ARIN-allotted address space, or makes the request on your behalf).

This system preserves address space and provides a central authority to prevent address-space collisions. When you are using a public address, you can send to and receive from all (non-broken) parts of the Internet. This means that all routers on the Internet have an idea about how to route your IP address toward you. Because of this, not all address space is portable. If you own your address space, you can authorize an ISP to route it for you, but there is a chance that when you change providers or locations, it will no longer be possible to route your IP addresses to the new location. (You might, therefore, want to check before you travel with your address space.)

IANA has reserved the following three blocks of the IP address space for private internets (local networks):

10.0.0.0 to 10.255.255.255
172.16.0.0 to 172.31.255.255
192.168.0.0 to 192.168.255.255

In addition, IP addresses in the range of 169.254.0.0 to 169.254.255.255 are reserved for automatic private IP addressing. These IP addresses should not be used on the Internet.

IPv4 Addressing (Unicast/Broadcast)

“Unicast address” refers to a specific IP address.

A routing update from source to a specific destination address is referred to as a unicast update. This update is usually delivered to a single host or a single interface on the router.

Example: 139.120.200.25

“Broadcast address” refers to all IP addresses in the broadcast domain.

A routing update from a source to all hosts in a broadcast domain (such as Ethernet) is referred to as a broadcast update. The destination IP address in the update contains the network number and all 1s for the host address.

Example: 138.120.255.255 specified in the destination IP header of a packet ensures that the packet will be delivered to all hosts in the 138.120.0.0 network.

IPv4 Addressing (Multicast/Anycast)

Multicast address
  Used to address a group of hosts
  Reserved addresses are used for specific applications (224.0.0.0 to 239.255.255.255)

Anycast address
  Any source or destination address that does not uniquely identify a host
  Updates are sent to the nearest host or service
  No specific address ranges for anycast addresses
  Supported differently in IPv6

IP Addressing

Section 2 — Subnet Introduction

Subnetting

[Figure: Class B address layout, 32 bits. Without subnetting: Network (bits 0-15) and Host (bits 16-31). With subnetting: Network (bits 0-15), Subnet (bits 16-23) and Host (bits 24-31).]

Introduces an additional level of hierarchy in addressing.
Without subnetting, there are the network and host portions.
With subnetting, there are the network, subnetwork, and host portions.
Host space is now more efficiently used. For example, with one network address, 6 or more subnetworks can be created.

There are three main problems with classful addressing.

Lack of Internal Address Flexibility — Big organizations are assigned large, monolithic blocks of addresses that do not match the structure of their underlying internal networks well.

Inefficient Use of Address Space — The existence of only three block sizes (Classes A, B, and C) leads to waste of limited IP address space.

Proliferation of Router Table Entries — As the Internet grows, more and more entries are required for routers to handle the routing of IP datagrams, which causes performance problems for routers. Attempting to reduce inefficient address space allocation leads to even more router table entries.

As shown in the slide above, these problems were resolved by adding another layer of hierarchy to the addressing structure. Instead of being a simple two-level hierarchy, that defines the network prefix and host number, a third level was introduced that defines a subnet number.

Adding a third level allowed network administrators the flexibility to manage their current network address in a manner that best suited their needs by assigning a distinct subnet number for each of their internal networks.

Subnet Masking

Q. How do you identify the subnet portion of a network?
A. With the concept of subnet masking.

A subnet mask is a 32-bit number that accompanies an IP address.
The mask indicates the network and the subnet.
Boolean logic is performed to differentiate the network and subnet.
In a subnet, the first and last IP addresses are reserved.
  The first address is the subnetwork.
  The last address is reserved as a broadcast address for the subnetwork.

A subnet mask is a 32-bit binary number that accompanies an IP address. It is created so that it has a one bit for each corresponding bit of the IP address that is part of its network ID or subnet ID, and a zero for each bit of the IP address’s host ID. The mask thus tells TCP/IP devices which bits in the IP address belong to the network ID and subnet ID, and which are part of the host ID.

Subnet Masking (continued)

IP Address Example: 192.168.2.132 (Class C)
What is the network and what is the subnet?
Let’s assume a subnet mask of 255.255.255.128 (32-bit value).
Rewriting the IP address and subnet mask as binary and applying Boolean logic:

IP address    11000000.10101000.00000010.10000100
              LOGICAL AND
Subnet mask   11111111.11111111.11111111.10000000
              equals
Subnetwork    11000000.10101000.00000010.10000000   192.168.2.128

Network       Class C 192.168.2.0
Subnetwork    192.168.2.128
Host range    192.168.2.129 to 192.168.2.254

The subnet mask of 255.255.255.128 has been chosen arbitrarily and is applied to the IP address of 192.168.2.132, which is a Class C address. This subnet mask splits the Class C network of 192.168.2.0 into two subnetworks, each with 127 hosts.

Using another IP example of 192.168.2.100, after applying the Boolean logic as shown above, we have the Class C network, which is always 192.168.2.0, and the subnetwork with 192.168.2.0, with the host range of 192.168.2.0 to 192.168.2.127.

Note that, although the subnet and the network have the same network prefix, they are essentially different.

A network with 192.168.2.0 with no subnet mask has a host range of 192.168.2.0 to 192.168.2.255.

As seen in the next slides, a network of 192.168.2.0 can be referred to as a network with 192.168.2.0 with a subnet mask of 255.255.255.0.

Subnet Masks

An IP address is usually associated with a subnet mask
  IP: 192.168.2.132 with a subnet mask of 255.255.255.128
  IP: 192.168.2.132 with a subnet mask of 255.255.255.0

Another notation for subnet masking is /x, where x represents the number of 1s in the subnet mask
  255.255.255.0 can be referred to as /24, as in 24 1s
  255.255.255.128 can be referred to as /25, as in 25 1s
  IP: 192.168.2.132/24 implies a subnet mask of 255.255.255.0

All possible subnet masks are as follows:

128.0.0.0      /1     255.255.128.0      /17
192.0.0.0      /2     255.255.192.0      /18
224.0.0.0      /3     255.255.224.0      /19
240.0.0.0      /4     255.255.240.0      /20
248.0.0.0      /5     255.255.248.0      /21
252.0.0.0      /6     255.255.252.0      /22
254.0.0.0      /7     255.255.254.0      /23
255.0.0.0      /8     255.255.255.0      /24
255.128.0.0    /9     255.255.255.128    /25
255.192.0.0    /10    255.255.255.192    /26
255.224.0.0    /11    255.255.255.224    /27
255.240.0.0    /12    255.255.255.240    /28
255.248.0.0    /13    255.255.255.248    /29
255.252.0.0    /14    255.255.255.252    /30
255.254.0.0    /15    255.255.255.254    /31
255.255.0.0    /16

All 0 and All 1 Subnet

Subnet 0   192.168.1.0/27     11000000.10101000.00000001.00000000   (All 0 subnet)
Subnet 1   192.168.1.32/27    11000000.10101000.00000001.00100000
Subnet 2   192.168.1.64/27    11000000.10101000.00000001.01000000
Subnet 3   192.168.1.96/27    11000000.10101000.00000001.01100000
Subnet 4   192.168.1.128/27   11000000.10101000.00000001.10000000
Subnet 5   192.168.1.160/27   11000000.10101000.00000001.10100000
Subnet 6   192.168.1.192/27   11000000.10101000.00000001.11000000
Subnet 7   192.168.1.224/27   11000000.10101000.00000001.11100000   (All 1 subnet)

Prefix: 27 bits

Given a network 192.168.1.0 and subnet mask of /27, what are the possible subnets and hosts?

What is the difference between 192.168.1.0/24 and 192.168.1.0/27?

When subnetting first came about, the use of the all 0 and all 1 subnet was forbidden. That meant that when doing your subnet calculations, you had to subtract two subnets, and all host addresses associated with them, from your network. The reason why these subnets were restricted was because of the older classful routing protocols, such as RIPv1. These addresses could cause confusion in a router that ran a classful protocol.

In the all 0 subnet, for example, a router must be able to transmit its routing updates with the route/prefix so that a receiving router can differentiate between the new 192.168.1.0/27 subnet and the 192.168.1.0/24 base network addresses. Without being able to understand these prefix lengths, a router would not be able to understand the difference between the base network and the all 0 subnet.

With the all 1 subnet, a router also needs to understand the prefix length so that it can determine if a broadcast should be sent to the all 1 subnet or to the entire network. If the router does not understand the prefix length, it does not know if the broadcast 192.168.1.255 would be sent to the all 1 subnet or to all hosts in all subnets.

Calculating Host Addresses

Host address 0    192.168.1.0/27    11000000.10101000.00000001.00000000   (All 0 host)
Host address 1    192.168.1.1/27    11000000.10101000.00000001.00000001
Host address 2    192.168.1.2/27    11000000.10101000.00000001.00000010
...
Host address 29   192.168.1.29/27   11000000.10101000.00000001.00011101
Host address 30   192.168.1.30/27   11000000.10101000.00000001.00011110
Host address 31   192.168.1.31/27   11000000.10101000.00000001.00011111   (All 1 host)

Example:

Find all hosts in subnet address 192.168.1.96/27

Total number of hosts   30
First host              192.168.1.96+1/27    192.168.1.97/27
Tenth host              192.168.1.96+10/27   192.168.1.106/27
Last host               192.168.1.96+30/27   192.168.1.126/27
Broadcast address       192.168.1.96+31/27   192.168.1.127/27

The assigned host address field of a subnet cannot contain all 0s or all 1s. The host number of all 0s is reserved for the network address while the host number of all 1s is reserved for the broadcast address for that network or subnet.

In the example above, 5 bits are used for the host address field. Using the formula of 2^5 – 2 = 30, there are 30 assignable host addresses in this subnet. This means that each of the subnets that were created can support a maximum of 30 hosts. In the example above, defining the host address for the tenth host in the subnet is relatively simple: you simply take the host bits and place them in the bit pattern that represents 10 or 01010. This gives the host address of 192.168.1.10/27. If one of the other subnets were used (for example, 192.168.1.96/27), defining the host address is a little more difficult; however, the concept remains the same.

Given a subnet address of 192.168.1.96/27 to define the tenth host address, the host bits are once again arranged in the bit pattern that represents 10 or 01010. This is then added to the network address of 192.168.1.96/27 to give the host address of 192.168.1.106/27.

To define the broadcast address for this network, the host bits would be all set to 1 or 11111. This is the binary representation of 31, so 31 would be added to the network address of 192.168.1.96, giving a broadcast address of 192.168.1.127/27 for this particular subnet.
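The Boolean AND from the Subnet Masking slides and the host and broadcast arithmetic above, as an added example that is not part of the student guide. It works directly on 32-bit integers so the bit operations stay visible, and it rejects masks whose 1 bits are not contiguous; all function names are chosen here for illustration.

```python
MASK32 = 0xFFFFFFFF


def to_int(dotted: str) -> int:
    """Dotted-decimal string -> 32-bit integer."""
    octets = [int(part) for part in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"not a dotted-decimal IPv4 address: {dotted!r}")
    return int.from_bytes(bytes(octets), "big")


def to_dotted(value: int) -> str:
    return ".".join(str(octet) for octet in value.to_bytes(4, "big"))


def to_binary(value: int) -> str:
    return ".".join(f"{octet:08b}" for octet in value.to_bytes(4, "big"))


def prefix_to_mask(prefix: int) -> int:
    """/x notation -> 32-bit mask with x leading 1s."""
    if not 0 <= prefix <= 32:
        raise ValueError(f"prefix length out of range: {prefix}")
    return (MASK32 << (32 - prefix)) & MASK32


def mask_to_prefix(mask: int) -> int:
    """Count the leading 1s; refuse a mask with a 0 between 1 bits."""
    host_part = ~mask & MASK32
    if host_part & (host_part + 1):
        raise ValueError("mask bits are not contiguous: " + to_dotted(mask))
    return 32 - host_part.bit_length()


def describe(address: str, mask: str) -> dict:
    """Subnetwork, broadcast and assignable host range for address/mask."""
    ip, m = to_int(address), to_int(mask)
    prefix = mask_to_prefix(m)
    network = ip & m                          # LOGICAL AND
    broadcast = network | (~m & MASK32)       # host bits all set to 1
    usable = max(2 ** (32 - prefix) - 2, 0)   # all-0s and all-1s are reserved
    return {
        "prefix": prefix,
        "network": to_dotted(network),
        "network_binary": to_binary(network),
        "broadcast": to_dotted(broadcast),
        "first_host": to_dotted(network + 1) if usable else None,
        "last_host": to_dotted(broadcast - 1) if usable else None,
        "usable_hosts": usable,
    }


def nth_host(subnet: str, prefix: int, n: int) -> str:
    """Add host number n to the subnet address, as in the tenth-host example."""
    mask = prefix_to_mask(prefix)
    network = to_int(subnet)
    if network & ~mask & MASK32:
        raise ValueError(f"{subnet}/{prefix} has host bits set")
    usable = 2 ** (32 - prefix) - 2
    if not 1 <= n <= usable:
        raise ValueError(f"host number {n} is outside 1..{usable}")
    return to_dotted(network + n)


if __name__ == "__main__":
    print(describe("192.168.2.132", "255.255.255.128"))
    print(nth_host("192.168.1.96", 27, 10))
```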

Extended Network Prefix

Class-based addressing for IP addresses is not required and is seldom used today.
Subnetting is very common for IPv4 addresses, and all network addresses supported by modern protocols expect a subnet mask.
Because any subnet mask can be applied to any IP address, a network address can be referred to by a prefix with a subnet mask.

For example: A Class A IP address of 10.0.0.0 can be referred to as
  network 10.0.0.0/8, where /8 implies a subnet mask of 255.0.0.0, or
  network 10.0.0.0/16, where /16 implies a subnet mask of 255.255.0.0, in which case the 10.0 is the extended network prefix.

Similarly, an IP address of 138.120.24.253/25 has an extended network prefix of 138.120.24.128.

Routers use the network prefix of the destination IP address to route the traffic to a subnetted environment. Routers in the subnetted environment use the extended network prefix to route traffic between the individual subnets. The extended network prefix is a combination of the network prefix and the subnet number.

The extended network prefix was originally defined by the subnet mask, as shown in the slide above. When the bits in the subnet mask are set to 1, the router examining the address treats the corresponding bits in the destination IP address as part of the network address. The bits in the subnet mask that are set to 0 define the host portion of the address.

The more modern protocols, such as OSPF, ISIS, and BGP, allow the extended network prefix to be represented by a decimal number that indicates the length of the subnet mask, as shown above. This number represents the number of contiguous 1s in the subnet mask.

It should be understood that this concept of representing the prefix length with a decimal number is strictly for the convenience of the user. The protocol still carries the four octet subnet mask in its routing updates.

Subnet Design Considerations

1. How many subnets required now?
2. How many subnets in the future?
3. How many hosts in the largest subnet?
4. How many hosts will be in the subnet in the future?

[Figure: network of nine subnets, Subnet 1 to Subnet 9.]

An addressing plan requires careful planning and consideration for future requirements. The network administrator cannot just look at the existing infrastructure in the assignment of addresses but must take into account future growth of hosts of all the subnets as well as future growth in the number of subnets that will be required.

The first planning step is to define the number of subnets that are required. In the example above, there is a requirement for nine subnets; therefore, 2^3 or 8 subnets would not meet the requirement. To meet this requirement, the administrator must plan for 2^4 or 16 subnets. This now leaves room for future expansion.

The next step is to ensure that there is enough host space available to meet the requirements of the largest subnet. If the largest subnet required 35 hosts, a 2^6 or 64-host space must be used. This size would also leave room for expansion.

After the design is completed, the administrator must ensure that the organization’s allocated IP address space is sufficient to meet current as well as future needs.

Subnet Example

1. Subnet 2, the largest subnet, requires 20 host addresses
2. Network IP address is 192.168.1.0/24

[Figure: network of six subnets, Subnet 1 to Subnet 6.]

First the administrator must identify the bits required to provide the six needed subnets. Because the address is a binary address, the boundaries for the subnets are based on powers of 2.

In the example above, the administrator would require 3 bits of the existing host address to provide the necessary subnets: 2^3 = 8 available subnets. This would give the subnets an extended prefix of 27 bits. The 4-octet subnet mask would appear as 255.255.255.224.

This would leave 5 bits of the last octet for host addresses. The calculation for usable or assignable host addresses is 2^n – 2, or in this case 2^5 – 2. The reason why 2 host addresses must be subtracted from the total is because the host address 00000 (all 0s) is reserved for the network address and the host address of 11111 (all 1s) is reserved for the broadcast address of the subnet.

In the example above, the base address is 192.168.1.0/24. With the subnet extended prefix defined above, the administrator would have the following subnets, with each subnet supporting 30 hosts:

192.168.1.0/27
192.168.1.32/27
192.168.1.64/27
192.168.1.96/27
192.168.1.128/27
192.168.1.160/27
192.168.1.192/27
192.168.1.224/27


IP Addressing

Section 3 — Variable Length Subnet Mask


Variable-Length Subnet Mask

Given a network of 192.168.10.0/24, generate subnetworks to address each of the networks below:

In this scenario there are 5 networks; we can therefore generate our subnets with a /27 mask as follows:

192.168.10.0/27
192.168.10.32/27
192.168.10.64/27
192.168.10.96/27
192.168.10.128/27
192.168.10.160/27
192.168.10.192/27
192.168.10.224/27

When an IP network is assigned more than one subnet mask, it is considered to be a network with variable-length subnet masks—i.e., the extended prefixes that are used are not all the same for each subnet.

VLSM is a more efficient use of the allocated IP address space. Instead of being locked into a single subnet prefix, VLSM allows the administrator to tailor the size of the subnets to meet the host requirements. For example, the figure above shows one of the subnets being further subdivided into /30 subnets. These work well for point-to-point links used between routers, for which only two host addresses are required.


VLSM (continued)

The following subnetworks have been assigned randomly:

192.168.10.0/27
192.168.10.64/27
192.168.10.32/27
192.168.10.96/27
192.168.10.128/27

Each of the above subnets supports 30 hosts. However, the link between the routers is a point-to-point link and only requires 2 host addresses. The broadcast networks attached to a switch could require 60 hosts each but are limited to 30 hosts. How do we rectify this situation?


VLSM (continued)

Assign variable-length subnet masks to the network.
Use a different mask (e.g., use /26 for 192.168.10.0/24).
The subnetworks generated are:

192.168.10.0/26
192.168.10.64/26
192.168.10.128/26
192.168.10.192/26
(all with 62 hosts each)

This is not enough to represent five networks, but take subnetwork 192.168.10.192/26 and apply /30 to it.

192.168.10.192/26 can then be divided into:

192.168.10.192/30
192.168.10.196/30
192.168.10.200/30
192.168.10.204/30
192.168.10.208/30
192.168.10.212/30
and so on.

Any one of the above addresses can be used to represent point-to-point links between the routers.

When developing a VLSM design, the network administrator must take into consideration the same questions that were asked when doing the traditional subnet design. At each level, the administrator must ensure that there are enough bits available for expansion.

If the networks are spread out over a number of different sites, the administrator must ensure that enough bits are used to support those sites and any future sites that may be deployed. In addition, the administrator must envision how each site may further subdivide their network to support the sub-subnets in the site itself.

Development of this hierarchical addressing scheme requires careful consideration and planning. The network must recursively work its way down so that each level has enough space in the host address to support each requirement.

If this hierarchical scheme is planned correctly before deployment, the multiple networks can then be aggregated into a single address that will help to reduce the number of routing entries in the backbone routers.


VLSM Requirements

[Figure: network diagram with nine subnets, Subnet 1 through Subnet 9]

VLSM brings about a new set of challenges: how the different subnets and their various extended prefixes get advertised throughout the network. This requires the use of more modern routing protocols. The routing protocol used must be able to satisfy the following:

The routing protocol must be able to carry the extended prefixes with each subnet advertised.

The routers themselves must make forwarding decisions based on the longest match.

The routing protocol must be able to perform summarization to support route aggregation.

Routing protocols such as OSPF and IS-IS support the use of VLSM. RIPv1 does not support the use or deployment of VLSM; however, RIPv2 does support the use of VLSM.
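Added example (not part of the original guide): a longest-match lookup over a small route table that mixes prefix lengths, as a VLSM network does. The prefixes reuse the 192.168.10.0/24 addresses from the slides; the next-hop names and the default route are constructed for illustration.

```python
import ipaddress


class RouteTable:
    """IPv4 route table stored as a binary trie, one level per prefix bit."""

    def __init__(self):
        self.root = {}

    def add(self, prefix, next_hop):
        net = ipaddress.ip_network(prefix)
        bits = int(net.network_address)
        node = self.root
        # Walk (and create) one trie level for every bit of the extended prefix.
        for i in range(net.prefixlen):
            node = node.setdefault((bits >> (31 - i)) & 1, {})
        node["route"] = (net, next_hop)

    def lookup(self, address):
        """Return (network, next_hop) of the longest matching prefix, or None."""
        bits = int(ipaddress.ip_address(address))
        node = self.root
        best = node.get("route")          # a /0 default route, if present
        for i in range(32):
            node = node.get((bits >> (31 - i)) & 1)
            if node is None:
                break                     # no longer prefix exists on this path
            best = node.get("route", best)  # a deeper match replaces a shorter one
        return best


def build_sample_table():
    """Constructed table: default, summary, one /26 and one /30 from the slides."""
    table = RouteTable()
    table.add("0.0.0.0/0", "upstream")
    table.add("192.168.10.0/24", "summary")
    table.add("192.168.10.192/26", "site-router")
    table.add("192.168.10.196/30", "p2p-link")
    return table


if __name__ == "__main__":
    table = build_sample_table()
    for addr in ("192.168.10.197", "192.168.10.200", "192.168.10.70", "10.0.0.1"):
        net, hop = table.lookup(addr)
        print(f"{addr:15} -> {str(net):18} via {hop}")
```

Because the most specific entry always wins, a single unexpected longer prefix overrides a summary for the addresses it covers, so route tables are worth auditing for more-specific entries that nobody planned.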


VLSM Example 1

• In this example, the service provider is allocated an address of 172.16.0.0/16

• It requires 5 subnets each needing at least 2000 hosts

Subnet 1: 172.16.0.0/19
Subnet 2: 172.16.32.0/19
Subnet 3: 172.16.64.0/19
Subnet 4: 172.16.96.0/19
Subnet 5: 172.16.128.0/19

In the example above, the organization is assigned the network IP address of 172.16.0.0/16, and it plans to design and deploy a VLSM network. Five subnets are required each with a requirement of 2000 hosts.

In typical Class B fashion, there is only 1 network with 65 534 hosts, and this is represented by the last 16 bits. We need 5 networks. Using some of the default Class B host bits should give us the required networks.

Option 1: Using 2 bits out of 16 gives us 2^2 = 4 networks and 2^14 = 16 384 hosts

Option 2: Using 3 bits out of 16 gives us 2^3 = 8 networks and 2^13 = 8192 hosts

Option 3: Using 4 bits out of 16 gives us 2^4 = 16 networks and 2^12 = 4096 hosts

Option 2 or 3 can be used, but because only 5 networks are required, option 2 is the best choice here. However, if the network is bound to grow with no more than 4000 hosts ever in any given subnet, option 3 might be better because the network has been designed for 16 subnets.


VLSM Example 2

The service provider has the IP address 172.16.0.0/16 and has a subnet, 172.16.64.0/19 which must be further subnetted into 6 subnets supporting different numbers of hosts

Subnet 3: 172.16.64.0/19
Subnet 3a: 172.16.64.0/20
Subnet 3b: 172.16.80.0/21
Subnet 3c: 172.16.88.0/22
Subnet 3d: 172.16.92.0/23
Subnet 3e: 172.16.94.0/24
Subnet 3f: 172.16.95.0/24

In the example above, subnet 172.16.64.0/19 has been isolated and is now going to be further subdivided to support the six subnets that are located in the local campus. The total number of hosts supported in the /19 network is 8190. This can be further subdivided into more subnetworks with a smaller number of hosts.

If the requirement is to have six unequal subnets, one option is as follows:

172.16.64.0/20   2^12 – 2 = 4094
172.16.80.0/21   2^11 – 2 = 2046
172.16.88.0/22   2^10 – 2 = 1022
172.16.92.0/23   2^9 – 2 = 510
172.16.94.0/24   2^8 – 2 = 254
172.16.95.0/24   2^8 – 2 = 254

Note that the sum of all valid hosts is 8180. This is because by dividing further, two addresses are reserved for the subnetwork number and broadcast number for each. The use of VLSM allows flexibility in the design of networks. Not all subnetworks or networks require the same number of hosts.
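Added example (not part of the original guide): a small allocator that applies the 2^n – 2 rule to each host requirement and carves aligned subnets out of a parent block, largest first. It serves both the fixed-length subnet example (six subnets of 20 hosts in 192.168.1.0/24) and VLSM Example 2 above; the function names are hypothetical, and largest-first placement is one workable strategy, not the only one.

```python
import ipaddress


def prefix_for_hosts(hosts):
    """Longest prefix whose subnet still offers `hosts` usable addresses.

    Usable addresses are 2^n - 2, so n is the smallest value with
    2^n >= hosts + 2 (network and broadcast addresses are reserved).
    """
    if hosts < 1:
        raise ValueError("a subnet needs at least one host")
    host_bits = (hosts + 1).bit_length()
    return 32 - host_bits


def usable_hosts(network):
    """Assignable host addresses in a subnet (2^n - 2)."""
    return network.num_addresses - 2


def allocate_vlsm(block, requirements):
    """Map each named requirement (name -> host count) to a subnet of `block`.

    Raises ValueError when the parent block cannot hold every subnet, which is
    the final check the design steps call for.
    """
    free = [ipaddress.ip_network(block)]      # unallocated, aligned blocks
    plan = {}
    # Largest requirement first, so big subnets land on their natural boundary.
    for name, hosts in sorted(requirements.items(), key=lambda kv: -kv[1]):
        want = prefix_for_hosts(hosts)
        candidates = [f for f in free if f.prefixlen <= want]
        if not candidates:
            raise ValueError(f"no space left in {block} for {name} ({hosts} hosts)")
        # Best fit: the smallest free block that is large enough, lowest address first.
        chosen = max(candidates, key=lambda f: (f.prefixlen, -int(f.network_address)))
        free.remove(chosen)
        # Halve the block until it is exactly the size needed; the upper
        # halves go back to the free list for later (or future) subnets.
        while chosen.prefixlen < want:
            low, high = chosen.subnets(prefixlen_diff=1)
            free.append(high)
            chosen = low
        plan[name] = chosen
    return plan


if __name__ == "__main__":
    # Host counts taken from VLSM Example 2 on this page.
    needs = {"3a": 4094, "3b": 2046, "3c": 1022, "3d": 510, "3e": 254, "3f": 254}
    plan = allocate_vlsm("172.16.64.0/19", needs)
    for name, net in plan.items():
        print(f"Subnet {name}: {str(net):18} usable hosts {usable_hosts(net)}")
    print("total usable:", sum(usable_hosts(n) for n in plan.values()))
```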


VLSM Exercise

The base network address is 138.120.0.0/16. Divide the address space into the subnets as shown in the diagram below.

[Figure: the base network divided into Subnet 1, Subnet 2 and Subnet 3; Subnet 2 further divided into Subnets 2a, 2b, 2c and 2d; labels First host, Last host and Broadcast]

In the figure above, the administrator is tasked with taking the base address and subnetting it to support three subnets.

Then the second subnet must be further subdivided to support four subnets. The administrator must then define the first, last, and broadcast addresses for the second sub-subnet.

Subnet 1 network address ______________________

Subnet 2 network address ______________________

Subnet 3 network address ______________________

Subnet 2a network address ______________________

Subnet 2b network address ______________________

Subnet 2c network address ______________________

Subnet 2d network address ______________________

Subnet 2b

First host address ___________________

Last host address ___________________

Broadcast address __________________


VLSM Exercise (continued)

Using 10.10.10.0/24, provide IP subnet addresses.

[Figure: Corporate HQ connected to routers A, B, C, D, E and F; the six LANs have 25, 20, 20, 25, 18 and 18 users]

In the figure above, the administrator is tasked with taking the base address and subnetting it to support six subnets, ensuring that each subnet will support its host requirements.

The next task for the administrator is to take one of the subnets and further subdivide it to support the point-to-point links that join the subnet routers to the main router.


VLSM Exercise (continued)

Given the IP address, use VLSMs to extend the use of the address. Provide a possible address for:

HQ A ________________________
HQ B ________________________
HQ C ________________________
HQ D ________________________
HQ E ________________________
HQ F ________________________

Router A LAN ________________________
Router B LAN ________________________
Router C LAN ________________________
Router D LAN ________________________
Router E LAN ________________________
Router F LAN ________________________


IP Addressing

Section 4 — Classless Inter-Domain Routing


Classless Inter-Domain Routing

[Figure: Router A and Router B; networks 10.10.0.0/24, 10.10.1.0/24, ..., 10.10.254.0/24 and 10.10.255.0/24; routing table listing 10.10.0.0/24, 10.10.1.0/24, ..., 10.10.255.0/24]

With the rapid expansion of the Internet, IPv4 addresses were quickly becoming exhausted, and the sizes of routing tables were expanding exponentially. The response to these problems was the development and adaptation of CIDR.

CIDR eliminated the concept of address classes and replaced it with the concept of network prefixes. Rather than the first 3 bits defining the network mask, the network prefix now defines the network mask. This prefix mask is a method of defining the leftmost contiguous bits in the network portion of the routing table entry.

By eliminating the concept of address classes, CIDR allowed for a more efficient allocation of the IP address space. In addition, CIDR supports the concept of route aggregation, thus allowing a single route entry to represent multiple networks.


Route Aggregation

Route Table
10.15.24.0/24
10.15.25.0/24
10.15.26.0/24
10.15.27.0/24
10.15.28.0/24
10.15.29.0/24
10.15.30.0/24
10.15.31.0/24

Route Table
10.15.24.0/21

10.15.24.0/24   00001010 . 00001111 . 00011 000 . 00000000
10.15.25.0/24   00001010 . 00001111 . 00011 001 . 00000000
10.15.26.0/24   00001010 . 00001111 . 00011 010 . 00000000
10.15.27.0/24   00001010 . 00001111 . 00011 011 . 00000000
10.15.28.0/24   00001010 . 00001111 . 00011 100 . 00000000
10.15.29.0/24   00001010 . 00001111 . 00011 101 . 00000000
10.15.30.0/24   00001010 . 00001111 . 00011 110 . 00000000
10.15.31.0/24   00001010 . 00001111 . 00011 111 . 00000000

Network line (/24): after the third octet
Common line (/21): after the first five bits of the third octet
Common bit pattern: the bits to the left of the common line

All possible combinations are contained within the network line and the common line.

[Figure: Router A and Router B]

As was discussed in the VLSM section, address planning is extremely important when subnets are first deployed. The subnets should be deployed so that they support the concept of aggregation, and when aggregation or summarization is applied all subnets can be represented by as few entries as possible in the route table.

In the slide above, Router A supports eight different subnets with a /24 prefix. Rather than advertising all eight subnets, the administrator has decided to implement route aggregation. To see what network address or addresses will be advertised from Router A to Router B, the administrator has decided to calculate what the new network prefix or prefixes should be.

First, define the octet that will be manipulated by the aggregation. In this case, it is the third octet.

Next, identify the original network prefix (/24), then look to the left of the prefix line and identify the area where all the addresses have the same bit pattern. Draw a line down that portion. Look in-between these two lines and ensure that all possible bit patterns are contained between the two lines. If this is the case, you can then summarize those bit patterns into (in this example) a /21 mask.
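Added example (not part of the original guide): the common-line method above in code, with the completeness check made explicit. It goes one step beyond the slide by also handling an incomplete set, where a single summary would cover address space the router does not hold; the function names are hypothetical and the seven-prefix input is constructed.

```python
import ipaddress


def common_line(networks):
    """Number of leftmost bits shared by every network address."""
    addrs = [int(n.network_address) for n in networks]
    diff = 0
    for a in addrs:
        diff |= a ^ addrs[0]          # collect every bit position that varies
    return 32 - diff.bit_length()


def aggregate(prefixes):
    """Return (exact_routes, covering_prefix, extra_addresses).

    exact_routes     the fewest prefixes that cover exactly the input
    covering_prefix  the single prefix found by drawing the common line
    extra_addresses  addresses inside covering_prefix that no input covers
    """
    nets = sorted({ipaddress.ip_network(p) for p in prefixes})
    exact = list(ipaddress.collapse_addresses(nets))
    # The common line can never sit to the right of the shortest network line.
    length = min(common_line(nets), min(n.prefixlen for n in nets))
    covering = nets[0].supernet(new_prefix=length)
    held = sum(n.num_addresses for n in exact)
    return exact, covering, covering.num_addresses - held


if __name__ == "__main__":
    # The eight /24 networks from the slide: every bit pattern is present.
    full = [f"10.15.{octet}.0/24" for octet in range(24, 32)]
    print(aggregate(full))

    # Constructed case: 10.15.31.0/24 is missing, so the /21 would also
    # claim 256 addresses that Router A cannot deliver.
    partial = [f"10.15.{octet}.0/24" for octet in range(24, 31)]
    exact, covering, extra = aggregate(partial)
    print([str(n) for n in exact], covering, extra)
```

When extra_addresses is not zero, advertising the single covering prefix draws traffic for networks the router does not have; the exact list is the safe advertisement.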


Route Aggregation Exercise

10.15.1.32/28

10.15.1.48/28

10.15.1.64/28

10.15.1.80/28

10.15.1.96/28

10.15.1.112/28

Given the information on the slide, what summarized route or routes will be advertised to Router 2 from Router 1?

[Figure: Router 1 and Router 2]

In the figure above, the administrator is going to be using route aggregation on Router 1. What route or routes will be advertised to Router 2?


CIDR and VLSM

[Figure: ISP and Customer, with the labels VLSM and CIDR]

When you first look at CIDR and VLSM, they seem to both provide the same function and they are very similar. The difference between the two is how they appear to the Internet.

Both CIDR and VLSM support the following:

The routing protocol must carry network-prefix information with each advertised route.

All routers must support the longest-match forwarding algorithm.

Addresses must be allocated to support route aggregation.

The difference is, as mentioned earlier, how the manipulation of the address space appears to the Internet.

VLSM address manipulation is done on the address assigned to an organization and is invisible to the Internet.

CIDR, on the other hand, manipulates addresses, and these manipulations are advertised to the Internet.


LAB 2.1-2.2 IP Addressing

[Figure: lab topology with Pod1, Pod2, Pod3 and Pod4; routers Core-Pod1 to Core-Pod4 and Edge-Pod1 to Edge-Pod4]


IP Addressing

Section 5 — IPv6 Addressing


Features of IPv6

Provides a huge address space
    More than 3.4 x 10^38 addresses
Hierarchical address allocation provides efficient routing
    Small routing table
Support for anycast addresses and the elimination of broadcast addresses
Efficient IP header (40 bytes with 8 fields)
    Fewer fields and simpler forwarding
Built-in security (IPsec implemented in IPv6)
    Authentication header and encapsulation security payload
Better QoS support
Flexibility in the Extension header
    Daisy chain of next headers

Provides a huge address space

• There are more than 3.4 x 10^38 addresses (this represents approximately 5 x 10^28 addresses for each person alive today!). A practically infinite number of addresses ensures no future shortages and provides great flexibility in address allocation.

Hierarchical address allocation provides efficient routing

• There is a small routing table because routes can be summarized due to the hierarchical nature of address space. This simplifies routing for mobile and other specialized devices.

Support for anycast addresses and the elimination of broadcast addresses

Efficient IP header (40 bytes with 8 fields)

• Fewer fields and simpler forwarding enhances router efficiency.

Built-in security (IPsec implemented in IPv6)

• Authentication header and encapsulation security payload

Better QoS support

Flexibility in the extension header

• A daisy chain of next headers provides flexibility to increase IP functionality without complicating the primary header used for forwarding.


IPv6 Header

IPv6 header: 8 fields, 40 bytes

Version Traffic Class Flow Label

Payload Length Next Header Hop Limit

Source Address

Destination Address

Version

• Value is 6

Traffic Class

• Similar to ToS field in IPv4; supports differentiated services

Flow label

• Can be used to identify specific data flows

Payload length

• Length of the IP payload; similar to IPv4 except that it does not include the header length

Next header

• Similar to the protocol field in IP; specific values are used to indicate that extension headers follow the main header

Hop Limit

• Similar to TTL in IPv4, but specifically designated as a hop count field

Source Address

• 128-bit address of the sending node

Destination Address

• 128-bit address of the intended recipient
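Added example (not part of the original guide): a parser for the eight fields of the 40-byte IPv6 header listed above. The field widths (4-bit Version, 8-bit Traffic Class, 20-bit Flow Label) and the Next Header numbers come from the IPv6 specification and the IANA protocol registry rather than from this page; the sample packet is constructed, with the page's 2001:211::ab01:0:0:11 as source and a documentation-prefix destination.

```python
import ipaddress
import struct

# Next Header values from the IANA protocol-numbers registry (not from the page).
NEXT_HEADER = {
    0: "Hop-by-Hop Options", 6: "TCP", 17: "UDP", 43: "Routing",
    44: "Fragment", 50: "ESP", 51: "AH", 58: "ICMPv6",
    59: "No Next Header", 60: "Destination Options",
}


def parse_ipv6_header(packet):
    """Decode the fixed IPv6 header; raise ValueError on malformed input."""
    if len(packet) < 40:
        raise ValueError("shorter than the 40-byte IPv6 header")
    first_word, payload_length, next_header, hop_limit = struct.unpack(
        "!IHBB", packet[:8])
    version = first_word >> 28
    if version != 6:
        raise ValueError(f"version field is {version}, expected 6")
    return {
        "version": version,
        "traffic_class": (first_word >> 20) & 0xFF,
        "flow_label": first_word & 0xFFFFF,
        "payload_length": payload_length,
        "next_header": next_header,
        "next_header_name": NEXT_HEADER.get(next_header, "unassigned/other"),
        "hop_limit": hop_limit,
        "source": ipaddress.IPv6Address(packet[8:24]),
        "destination": ipaddress.IPv6Address(packet[24:40]),
    }


def payload_is_consistent(packet):
    """True when Payload Length matches the bytes that follow the header.

    Payload Length excludes the 40-byte header itself, so a mismatch means
    the packet was truncated or padded somewhere along the way.
    """
    header = parse_ipv6_header(packet)
    return header["payload_length"] == len(packet) - 40


def build_sample_packet():
    """Constructed packet: ICMPv6 as next header, 8 zero bytes of payload."""
    first_word = (6 << 28) | (0xB8 << 20) | 0x12345
    header = struct.pack("!IHBB", first_word, 8, 58, 64)
    source = ipaddress.IPv6Address("2001:211::ab01:0:0:11").packed
    destination = ipaddress.IPv6Address("2001:db8::1").packed
    return header + source + destination + bytes(8)


if __name__ == "__main__":
    packet = build_sample_packet()
    for field, value in parse_ipv6_header(packet).items():
        print(f"{field:17} {value}")
    print("payload consistent:", payload_is_consistent(packet))
```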


IPv4 vs. IPv6

Compare IPv4 and IPv6 headers:
IPv4 header: 12 fields, 20 bytes
IPv6 header: 8 fields, 40 bytes

There is no Identification or Fragment Offset field in IPv6 because it does not support packet fragmentation. A minimum MTU of 576 is defined for IPv6 networks, and packets exceeding the MTU are discarded.

There is no Header Checksum field because there is no checksum at the IP level in IPv6. IPv6 relies on layers 2 and 4 to provide the error-free transmission of data.


IPv6 Addressing

Defined in RFC 3513
Represented by colon-hexadecimal format
    2001:0211:0000:0000:ab01:0000:0000:0011
Compressed representation
    Leading zero compression: 2001:211:0:0:ab01:0:0:11
    Multiple successive zero fields can be compressed (only once): 2001:211::ab01:0:0:11
Types of addressing:
    Unicast addressing
    Multicast addressing
    Anycast addressing

Represented by colon-hexadecimal format (each digit represents one hex digit)

• 2001:0211:0000:0000:ab01:0000:0000:0011

Compressed representation

• Leading zero compression:

— 2001:211:0:0:ab01:0:0:11

• Multiple successive zero fields can be compressed (only once). “::” represents a number of zeroes but can only be used once in the string because it would be ambiguous if used more than once.

• 2001:211::ab01:0:0:11

Types of addressing:

• Unicast addressing (a single host)

• Multicast addressing (a number of hosts)

• Anycast addressing (any one of a number of hosts)
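Added example (not part of the original guide): the two compression rules above written out by hand, plus the reverse expansion that rejects a second "::" as ambiguous. Choosing the longest zero run (leftmost on a tie) and compressing only runs of two or more fields follows RFC 5952, which this page does not cite; the function names are hypothetical.

```python
def compress(address):
    """Apply leading-zero compression, then '::' to one run of zero fields."""
    fields = address.split(":")
    if len(fields) != 8:
        raise ValueError("expected eight 16-bit fields in full form")
    # Rule 1: drop leading zeros inside every field ("0211" -> "211").
    fields = [format(int(f, 16), "x") for f in fields]

    # Rule 2: find the longest run of all-zero fields; the first one wins a tie.
    best_start, best_len = -1, 0
    i = 0
    while i < 8:
        if fields[i] == "0":
            j = i
            while j < 8 and fields[j] == "0":
                j += 1
            if j - i > best_len:
                best_start, best_len = i, j - i
            i = j
        else:
            i += 1
    if best_len < 2:
        return ":".join(fields)       # nothing worth replacing with '::'
    head = ":".join(fields[:best_start])
    tail = ":".join(fields[best_start + best_len:])
    return head + "::" + tail


def expand(address):
    """Return the full eight-field form, zero-padded to four hex digits."""
    if address.count("::") > 1:
        # With two '::' there is no way to tell how many zero fields each hides.
        raise ValueError("'::' may appear only once")
    if "::" in address:
        head, tail = address.split("::")
        left = head.split(":") if head else []
        right = tail.split(":") if tail else []
        missing = 8 - len(left) - len(right)
        if missing < 1:
            raise ValueError("'::' must stand for at least one zero field")
        fields = left + ["0"] * missing + right
    else:
        fields = address.split(":")
    if len(fields) != 8:
        raise ValueError("expected eight 16-bit fields")
    return ":".join(format(int(f, 16), "04x") for f in fields)


def same_address(a, b):
    """Compare two textual IPv6 addresses after expanding both."""
    return expand(a) == expand(b)


if __name__ == "__main__":
    full = "2001:0211:0000:0000:ab01:0000:0000:0011"
    print(compress(full))                       # the page's compressed form
    print(expand("2001:211::ab01:0:0:11"))
    print(same_address(full, "2001:211:0:0:ab01::11"))
```

Because one address has several valid spellings, filters and log searches that match on text should expand or canonicalize both sides first, as same_address does.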


IP Addressing

Section 6 — NAT/PAT


IP Addressing — NAT/PAT

Translates private IP addresses into public ranges
NAT — One-to-one address translation
NAT — Does not monitor transport layer port numbers
PAT — Many-to-one address translation
PAT — Does monitor transport layer port numbers
Defined in RFCs 2663 and 3022
NAT/PAT is not currently supported on the Alcatel 7750 SR

It is important to note that the 7750 SR does not currently support NAT or PAT. The 7750 SR is not an enterprise router, and this feature is generally found in enterprise routers. The 7750 SR is not generally placed at that level of a network. There are currently no plans for the 7750 SR to support NAT or PAT. The reason that NAT and PAT are mentioned in this review is that they are currently commonly seen in the network infrastructure, and thus network experts should have a generic understanding of their purpose.

Network address translation (NAT) and port and address translation (PAT) were created to alleviate the stresses of IP allocation in the world. Working closely with the private IP address ranges, NAT and PAT allow for private IP addresses to be translated into public IP addresses. This translation can be in one of two forms.

The first form of translation is “one-to-one” translation; we call this NAT. A single private IP address is translated to a single public IP address. In this form, the transport-layer port numbers are not monitored or modified. This allows for all applications to function normally without any change to the upper layers. The disadvantage of this form of translation is that there must be a pool of available addresses to support all the private IP-addressed clients. If all addresses in the pool are in use and a new NAT requirement emerges, it will fail because there is no available address within the pool of public addresses.

The second form of translation is “many-to-one”; we call this PAT. A single public IP address supports multiple private IP addresses simultaneously. To accomplish this, the router must not only map the IP address of the client device, it must also map the port number in use by the client. As translation occurs, the IP address is changed to a single public address. To keep track of the multiple streams of traffic from client devices, the port numbers are mapped into the database. If a client’s random port number is already mapped by a different active client, the router not only changes the IP address, it also changes the client’s port number.

Note that with the extremely large address space provided by IPv6, NAT/PAT will no longer be required.


IP Addressing — NAT

NAT Table:
Public pool: 192.1.1.1 — 192.1.1.254 /24

Internal <> External
10.1.1.1 <> 192.1.1.2
10.1.1.2 <> 192.1.1.3
10.1.1.3 <> 192.1.1.4

[Figure: hosts 10.1.1.1, 10.1.1.2 and 10.1.1.3 on 10.1.1.0/24 reach the Internet through a NAT router; the router's public address is 192.1.1.1 on 192.1.1.0/24]

In the example of NAT above, the range of public IP addresses is from 192.1.1.2 to 192.1.1.254. Each client that sends traffic through the router will be mapped to a single IP address in the pool. If 253 clients are actively sending traffic through the router, the pool of available public IP addresses is saturated. When the 254th client tries to send traffic out the router, it will time out because there are no available public IP addresses to use for NAT. Although this limits the number of clients who can simultaneously use this NAT router, it does not limit the types of applications that each client can be using.


IP Addressing — PAT

PAT Table:
Public pool: 192.1.1.5/32 (Int. 1/1/1)

Internal <> External
10.1.1.1:1101 <> 192.1.1.5:1101
10.1.1.2:1212 <> 192.1.1.5:1212
10.1.1.3:1212 <> 192.1.1.5:2424*

* Duplicate port; random port replaces duplicate

[Figure: hosts 10.1.1.1, 10.1.1.2 and 10.1.1.3 on 10.1.1.0/24 reach the Internet through a PAT router; interface 1/1/1 = 192.1.1.5 on 192.1.1.4/30]

When using PAT, the router that is performing the operation must keep track of the source IP address and the source port number being used at the transport layer. Optionally, the router may also keep track of the destination address and port number. Because only one public address is allocated to the translation pool, all source IP addresses must be translated to the one public address. To keep track of each client’s traffic, the router maps the source port number into its database. Because client port numbers are typically sourced from the random port range (1024 to 65535), there is a possibility that two clients could use the same port number. When this occurs, the router not only modifies the source IP address, but it also modifies the source port number so that it can differentiate the traffic. This port change is not reflected to the client and is therefore transparent to the client. Most modern applications do not have a problem with the change of port. However, some applications (mostly legacy ones) require specific source and destination port numbers. If the router modifies the source port to one different than the application expects, or requires, the application may not function properly.
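Added example (not part of the original guide): the two translation tables from the NAT and PAT slides as small Python classes, showing pool exhaustion for one-to-one NAT and the port rewrite PAT performs when two clients pick the same source port. The class names are hypothetical, and the replacement port is drawn at random from 1024 to 65535, so it will not necessarily be the 2424 shown on the slide.

```python
import ipaddress
import random


class NatPool:
    """One-to-one NAT: each inside address is mapped to its own public address."""

    def __init__(self, first, last):
        lo = int(ipaddress.ip_address(first))
        hi = int(ipaddress.ip_address(last))
        self.free = [str(ipaddress.ip_address(n)) for n in range(lo, hi + 1)]
        self.table = {}                    # inside address -> public address

    def translate(self, inside_ip):
        if inside_ip not in self.table:
            if not self.free:
                raise RuntimeError("NAT pool exhausted: no public address left")
            self.table[inside_ip] = self.free.pop(0)
        return self.table[inside_ip]


class PatTable:
    """Many-to-one PAT: one public address, flows told apart by source port."""

    PORT_MIN, PORT_MAX = 1024, 65535

    def __init__(self, public_ip, rng=None):
        self.public_ip = public_ip
        self.outbound = {}                 # (inside ip, inside port) -> public port
        self.inbound = {}                  # public port -> (inside ip, inside port)
        self.rng = rng or random.Random()

    def translate(self, inside_ip, inside_port):
        key = (inside_ip, inside_port)
        if key not in self.outbound:
            if len(self.inbound) > self.PORT_MAX - self.PORT_MIN:
                raise RuntimeError("PAT table full: no public port left")
            port = inside_port             # keep the client's port when possible
            while port in self.inbound:    # already mapped for another client
                port = self.rng.randint(self.PORT_MIN, self.PORT_MAX)
            self.outbound[key] = port
            self.inbound[port] = key
        return self.public_ip, self.outbound[key]

    def reverse(self, public_port):
        """Inside (address, port) behind a public port, or None if unmapped."""
        return self.inbound.get(public_port)


if __name__ == "__main__":
    nat = NatPool("192.1.1.2", "192.1.1.254")
    for host in ("10.1.1.1", "10.1.1.2", "10.1.1.3"):
        print(host, "<>", nat.translate(host))

    pat = PatTable("192.1.1.5")
    for host, port in (("10.1.1.1", 1101), ("10.1.1.2", 1212), ("10.1.1.3", 1212)):
        public_ip, public_port = pat.translate(host, port)
        print(f"{host}:{port} <> {public_ip}:{public_port}")
```

The inbound map is the only record that ties a public address and port seen by an outside system back to one inside host, so a translator's mapping log, with timestamps, is what an investigation of outbound traffic depends on.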


IP Overview

Section 7 — IP Protocols


Internet Control Message Protocol

ICMP is a core IP application protocol used mainly to report errors in delivering IP datagrams.
IP is connectionless and basically unreliable.
ICMP is needed to send error control messages to routers and hosts.
ICMP is encapsulated in the IP packet and is routed like a data packet.
ICMP is part of the Internet protocol suite, defined in RFC 792.
ICMP messages are typically generated in response to errors in IP datagrams (as specified in RFC 1122) or for diagnostic or routing purposes.
The version of ICMP for IPv4 is also known as ICMPv4 as it is part of IPv4. IPv6 has an equivalent protocol, ICMPv6.

ICMP messages are constructed at the IP layer, usually from a normal IP datagram that has generated an ICMP response. IP encapsulates the appropriate ICMP message with a new IP header (to get the ICMP message back to the original sending host) and transmits the resulting datagram in the usual manner.

For example, each device (such as an intermediate router) that forwards an IP datagram must decrement the TTL field of the IP header by one. If the TTL reaches 0, an ICMP “time to live exceeded in transit” message is sent to the source of the datagram.

Each ICMP message is encapsulated directly in a single IP datagram, and thus, like UDP, ICMP does not guarantee delivery.

Although ICMP messages are contained in standard IP datagrams, ICMP messages are usually processed as a special case, distinguished from normal IP processing, rather than processed as a normal subprotocol of IP. In many cases, it is necessary to inspect the contents of the ICMP message and deliver the appropriate error message to the application that generated the original IP packet (the one that prompted the sending of the ICMP message).


ICMP Message Types

Some common message types are:

Echo request and echo reply (type 8 and type 0)
    The host device sends an echo request to the destination device.
    The destination device sends back an echo reply.
    The ping utility uses the echo request and reply message types.

Destination unreachable (type 3)
    Used by a router that cannot forward an IP datagram to send to the source of the IP datagram
    The router then discards the IP datagram.

Redirect (type 5)
    A redirect message can be sent back to the host, indicating that the IP datagram is taking a suboptimal route. The router then forwards the data to the destination.
    Useful but may have security issues

Echo request and echo reply messages are very frequently used. A host or router sends an ICMP echo request message to a specified destination. Any device that receives an echo request generates an echo reply and returns it to the original sender. The request contains an optional data area, and the reply contains a copy of the data sent in the request. The echo request and reply can thus be used to test whether a destination is reachable. The echo request and reply are sent via IP datagrams.

Assumptions:

The IP software on the source computer must route the datagram.

The intermediate routers between the source and destination must be operating and must route the datagram correctly.

The destination device must be running and both ICMP and IP software must be working.

All routers along the path must have the correct routes.

Ping is the most common way to send an ICMP echo request. The command usually sends a series of echo request messages and captures the corresponding echo replies. Ping then calculates the data loss statistics.

The destination unreachable message can be quite useful. For example, if the destination device connects to an Ethernet network, the network hardware does not provide ACKs. Therefore, a router can continue to send packets to a destination even after the destination is powered down without receiving an indication that the destination is down.

The destination unreachable message is only useful in determining that the destination is not reachable. It does not inform the source router why the packet was not delivered.

The hosts in a network have minimal routing information on system startup. As the network topology changes, the host routing table may not have the optimal information. The router redirect message can be used to inform the host that it needs to change its route to the destination. The host routing table will then contain optimal routes.
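The notes above say that the contents of an ICMP message must be inspected to find the original IP packet that prompted it. The following Python sketch is an added example, not part of the student guide: it decodes the message types listed on this slide plus time exceeded (type 11), recovers the addresses and ports of the quoted datagram, and marks redirects for review. The sample messages, the gateway address 10.10.10.254 and the UDP ports are constructed.

```python
import socket
import struct
from dataclasses import dataclass
from typing import Optional

ICMP_NAMES = {0: "echo reply", 3: "destination unreachable", 5: "redirect",
              8: "echo request", 11: "time exceeded"}
# Types that quote the offending datagram: its IP header plus the first 8 data bytes.
QUOTING_TYPES = {3, 5, 11}


@dataclass
class IcmpInfo:
    name: str
    code: int
    gateway: Optional[str] = None     # redirect only: router the host is told to use
    orig_src: Optional[str] = None    # fields recovered from the quoted datagram
    orig_dst: Optional[str] = None
    orig_proto: Optional[int] = None
    orig_sport: Optional[int] = None
    orig_dport: Optional[int] = None
    review: bool = False              # True for redirects, which change host routing


def parse_icmp(msg: bytes) -> IcmpInfo:
    """Decode an ICMPv4 message (the bytes that follow the outer IP header)."""
    if len(msg) < 8:
        raise ValueError("ICMP message shorter than its 8-byte header")
    icmp_type, code = msg[0], msg[1]
    info = IcmpInfo(ICMP_NAMES.get(icmp_type, "type %d" % icmp_type), code)
    if icmp_type not in QUOTING_TYPES:
        return info
    if icmp_type == 5:
        info.gateway = socket.inet_ntoa(msg[4:8])
        info.review = True
    quoted = msg[8:]
    if len(quoted) < 20 or quoted[0] >> 4 != 4:
        raise ValueError("quoted datagram is not a complete IPv4 header")
    ihl = (quoted[0] & 0x0F) * 4
    if ihl < 20 or len(quoted) < ihl:
        raise ValueError("quoted IPv4 header length is invalid")
    info.orig_proto = quoted[9]
    info.orig_src = socket.inet_ntoa(quoted[12:16])
    info.orig_dst = socket.inet_ntoa(quoted[16:20])
    # For TCP (6) and UDP (17) the first 4 quoted data bytes are the two port numbers.
    if info.orig_proto in (6, 17) and len(quoted) >= ihl + 4:
        info.orig_sport, info.orig_dport = struct.unpack("!HH", quoted[ihl:ihl + 4])
    return info


def constructed_samples() -> dict:
    """Constructed messages; checksums are left at 0 because they are not checked here."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 1, 17, 0,
                     socket.inet_aton("10.10.10.1"), socket.inet_aton("20.20.20.1"))
    udp = struct.pack("!HHHH", 40000, 33434, 8, 0)
    quoted = ip + udp
    return {
        "echo": struct.pack("!BBHHH", 8, 0, 0, 1, 1) + b"ping",
        "ttl": struct.pack("!BBHI", 11, 0, 0, 0) + quoted,
        "unreachable": struct.pack("!BBHI", 3, 1, 0, 0) + quoted,
        "redirect": struct.pack("!BBH4s", 5, 1, 0,
                                socket.inet_aton("10.10.10.254")) + quoted,
    }


if __name__ == "__main__":
    for label, raw in constructed_samples().items():
        print(label, parse_icmp(raw))
```
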

ICMP in Action

Normal IP packet flow from Host A to Host B
Destination link is broken
ICMP destination unreachable message is sent to source
Destination link is fixed
Gateway G1 decides that gateway G2 is more optimal and sends a redirect message to Host A
IP packet flow from Host A to Host B occurs via Gateway G2

[Figure: Host A, Host B and gateways G1 and G2.]

Address Resolution Protocol

[Figure: Host 1 (10.10.10.1/24) pings Host 2 (10.10.10.2/24). Labels: ICMP ping 10.10.10.2; ARP request; ARP reply; echo request 10.10.10.2; echo reply 10.10.10.1; Host 2 is alive.]

When a host device sends a ping to another host device on the same subnet, how does it know what the MAC address of the distant host device is? This is when ARP is used. ARP is used by IP to map a known IP address to the unknown hardware address of the host. ARP operates between L2 and L3 of the OSI model.

An Ethernet network uses two hardware addresses to identify the source and destination of each frame. If the destination address is all 1s (a broadcast frame), it will be sent to all hosts in that broadcast domain. ARP uses this broadcast to find out the destination MAC address of the distant host.

In the figure above, Host 1 pings Host 2. Host 1 looks in its cache of MAC addresses for the destination MAC address of Host 2. If it is not there, Host 1 queues the ICMP packet and sends an ARP request message. The ARP request is a broadcast message, and it is sent to all hosts in the broadcast domain. Each host opens the frame and checks the destination IP address. If it is not its address, the host ignores the packet. However, when Host 2 receives the request, it sees that it is the destination and sends an ARP reply. This ARP reply is wrapped in a frame that has for its destination the MAC address of Host 1, and the source is the MAC address of Host 2. On receiving the reply, Host 1 now learns the MAC address of Host 2 and is able to wrap the ICMP message and send it to Host 2.

ARP across a Router

[Figure: Host 1 (10.10.10.1/24) pings Host 12 (20.20.20.1/24) through Router 1. Labels: ICMP ping 20.20.20.1; ARP request and ARP reply on each side of Router 1; echo request 20.20.20.1; echo reply 10.10.10.1; Host 12 is alive. The steps are numbered 1 to 8.]

The previous slide discussed the use of ARP within the same subnet. What happens if the distant host is not in the same subnet, as shown above?

Host 1 generates a ping to Host 12. Again, when Host 1 goes to wrap the packet in the Ethernet frame, it does not have a destination MAC address associated with the Host 12 IP address, so Host 1 generates an ARP request message. This is still a broadcast message and is received by Router 1 [1]. Router 1 examines the destination IP address of the request and sees that the subnet is in its routing table. Router 1 responds to Host 1 with an ARP reply [2] that provides Host 1 with the MAC address of the interface of Router 1 as the destination MAC address for the packet. This makes Router 1 the proxy destination for any traffic that goes to Host 12.

When Host 1 wants to send a packet to Host 12, it uses its MAC table lookup and uses the router’s MAC address as the target MAC address [3].

Router 1 then generates an ARP request message to the 20.20.20.0/24 network, looking for the MAC address of Host 12 [4]. Host 12 responds to Router 1, and Router 1 learns the Host 12 MAC address [5].

ARP Request Packet Capture

Frame 31 (60 bytes on wire, 60 bytes captured)

Ethernet II, Src: 00:04:80:9f:78:00, Dst: ff:ff:ff:ff:ff:ff

Destination: ff:ff:ff:ff:ff:ff

Source: 00:04:80:9f:78:00

Type: ARP (0x0806)

Trailer: 000000000000000000000000000000000000

Address Resolution Protocol (request)

Hardware type: Ethernet (0x0001)

Protocol type: IP (0x0800)

Hardware size: 6

Protocol size: 4

Opcode: request (0x0001)

Sender MAC address: 00:04:80:9f:78:00

Sender IP address: 138.120.53.253

Target MAC address: 00:00:00_00:00:00

Target IP address: 138.120.53.149

In the above packet capture, a host with IP address 138.120.53.253 is attempting to resolve the MAC address for a host with IP address 138.120.53.149. The destination MAC address of the Ethernet II frame is set to the broadcast address ff:ff:ff:ff:ff:ff. All devices in the same broadcast domain will receive this frame. Only the host with IP address 138.120.53.149 will reply. The EtherType for ARP is 0x0806 and is used to indicate which protocol is being transported in the Ethernet II frame.

ARP Packet

Hardware Type- Each layer 2 protocol is assigned a number used in this field. For example, Ethernet is 1

Protocol Type- Each protocol is assigned a number used in this field. For example, IP is 0x0800

Hardware Size- Size in bytes for hardware addressing. Ethernet addresses are 6 bytes in length.

Protocol Size- Size in bytes for logical addressing. IPv4 addresses are 4 bytes in length.

Operation Code- Specifies the operation the sender is performing. A value of 1 is for ARP request and a value of 2 is for ARP reply.

Sender MAC address- The hardware MAC address of sender.

Sender IP address- Protocol address of sender.

Target MAC address- The hardware MAC address of the intended receiver. The MAC address will be all 0’s for a request.

Target IP address- The protocol address of the intended receiver.

ARP Reply Packet Capture

Frame 32 (42 bytes on wire, 42 bytes captured)

Ethernet II, Src: 00:11:43:45:61:23, Dst: 00:04:80:9f:78:00

Destination: 00:04:80:9f:78:00

Source: 00:11:43:45:61:23

Type: ARP (0x0806)

Address Resolution Protocol (reply)

Hardware type: Ethernet (0x0001)

Protocol type: IP (0x0800)

Hardware size: 6

Protocol size: 4

Opcode: reply (0x0002)

Sender MAC address: 00:11:43:45:61:23

Sender IP address: 138.120.53.149

Target MAC address: 00:04:80:9f:78:00

Target IP address: 138.120.53.253

The above packet capture is the ARP reply in response to the ARP request on the previous page. The Ethernet frame is a unicast frame and is sent only to the MAC address of the ARP request sender. All fields in the ARP reply packet have the same meaning as in the ARP request packet. The main differences in the ARP reply packet are the operation code (value of 2 for reply) and the fully populated MAC addresses for the sender and the target. Note that the sender and target addresses have been swapped.
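The two captures can be rebuilt byte for byte from the fields described above, and the reply can be checked against the request it answers. This Python sketch is an added example, not part of the student guide: the function names are illustrative, the request and reply use the addresses from the captures, and the MISMATCHED frame with sender MAC 02:00:00:00:00:01 is constructed to show what the consistency check reports.

```python
import socket
import struct
from dataclasses import dataclass
from typing import List

ETHERTYPE_ARP = 0x0806
ARP_FMT = "!HHBBH6s4s6s4s"          # 28-byte ARP body for Ethernet/IPv4


def mac_bytes(text: str) -> bytes:
    return bytes.fromhex(text.replace(":", ""))


def mac_text(raw: bytes) -> str:
    return ":".join("%02x" % b for b in raw)


@dataclass
class ArpFrame:
    eth_dst: str
    eth_src: str
    opcode: int
    sender_mac: str
    sender_ip: str
    target_mac: str
    target_ip: str


def build_frame(eth_dst, eth_src, opcode, s_mac, s_ip, t_mac, t_ip, trailer=0) -> bytes:
    """Ethernet II header + ARP body + optional zero trailer (padding to 60 bytes)."""
    eth = mac_bytes(eth_dst) + mac_bytes(eth_src) + struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack(ARP_FMT, 1, 0x0800, 6, 4, opcode, mac_bytes(s_mac),
                      socket.inet_aton(s_ip), mac_bytes(t_mac), socket.inet_aton(t_ip))
    return eth + arp + bytes(trailer)


def parse_frame(frame: bytes) -> ArpFrame:
    if len(frame) < 42:
        raise ValueError("too short for an Ethernet header plus ARP body")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETHERTYPE_ARP:
        raise ValueError("EtherType is not ARP (0x0806)")
    htype, ptype, hlen, plen, op, smac, sip, tmac, tip = struct.unpack(ARP_FMT, frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    return ArpFrame(mac_text(dst), mac_text(src), op, mac_text(smac),
                    socket.inet_ntoa(sip), mac_text(tmac), socket.inet_ntoa(tip))


def check_reply(request: ArpFrame, reply: ArpFrame) -> List[str]:
    """Return the ways in which a reply fails to match the request it claims to answer."""
    findings = []
    if reply.opcode != 2:
        findings.append("opcode is not reply (2)")
    if reply.sender_ip != request.target_ip:
        findings.append("sender IP is not the address that was asked for")
    if (reply.target_mac, reply.target_ip) != (request.sender_mac, request.sender_ip):
        findings.append("target fields are not the requester's addresses")
    if reply.eth_dst != request.sender_mac:
        findings.append("frame is not unicast to the requester")
    if reply.eth_src != reply.sender_mac:
        findings.append("Ethernet source differs from ARP sender MAC")
    return findings


# Frames rebuilt from the field values in the two captures above.
REQUEST = build_frame("ff:ff:ff:ff:ff:ff", "00:04:80:9f:78:00", 1,
                      "00:04:80:9f:78:00", "138.120.53.253",
                      "00:00:00:00:00:00", "138.120.53.149", trailer=18)
REPLY = build_frame("00:04:80:9f:78:00", "00:11:43:45:61:23", 2,
                    "00:11:43:45:61:23", "138.120.53.149",
                    "00:04:80:9f:78:00", "138.120.53.253")
# Constructed variant: the ARP sender MAC does not match the frame's source MAC.
MISMATCHED = build_frame("00:04:80:9f:78:00", "00:11:43:45:61:23", 2,
                         "02:00:00:00:00:01", "138.120.53.149",
                         "00:04:80:9f:78:00", "138.120.53.253")

if __name__ == "__main__":
    req = parse_frame(REQUEST)
    print(len(REQUEST), len(REPLY))
    print(check_reply(req, parse_frame(REPLY)))
    print(check_reply(req, parse_frame(MISMATCHED)))
```
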

Module Summary

IPv4 addresses consist of 32 bits (4 octets) traditionally divided into a Network prefix and a Host number

There are 5 Classes of addresses

There are 4 types of addresses:

Unicast: a specific IP address that identifies one host
Broadcast: all IP addresses in a broadcast domain
Multicast: a group of hosts
Anycast: a specific IP address that identifies multiple hosts

There are Classful and Classless addressing formats

Sub-netting and classless addressing provide flexibility and more efficient use of address space by adding a level in the addressing format to define the sub-net number

Module Summary (cont’d)

VLSM enables an IP network to be assigned more than one sub-net mask, allowing for more efficient use of the address space

Route aggregation reduces the number of routing table entries by allowing several sub-nets to be advertised by only a few prefixes

NAT and PAT are used to alleviate the worldwide IPv4 address shortage

With NAT a single private IPv4 address is translated to a single public IP address.
With PAT a single public address supports multiple private IP addresses simultaneously

IPv6 provides a huge address space, with addresses of 128 bits. Its header has 8 fields, of which the following differ from IPv4: Traffic Class, Flow Label, Next Header

Module Summary (cont’d)

ICMP is a core IP application protocol used mainly to report errors in delivering IP datagrams

ICMP is encapsulated in an IP packet and routed like a data packet

ARP is used by IP to map a known IP address to the unknown hardware address of the host

Learning Assessment

1. Define the first, last, and broadcast addresses of the following network address: 192.168.16.64/27

2. Which of the following addresses is a broadcast address?
a. 138.120.0.255/23
b. 191.16.1.99/30
c. 145.1.1.108/30

3. Subnet the following address to provide a minimum of 9 subnets: 190.16.4.0/22

Learning Assessment (continued)

4. Choose the correct addresses from the following list that can be super-netted to provide 300 host addresses.
a. 192.168.1.0/24
b. 192.168.2.0/24
c. 192.168.3.0/24
d. 192.168.4.0/24

5. Summarize the following addresses to the least amount of addresses that will be advertised.
a. 11.11.11.16/28
b. 11.11.11.32/28
c. 11.11.11.48/28
d. 11.11.11.64/28
e. 11.11.11.96/28
f. 11.11.11.80/28
g. 11.11.11.112/28

LAB 2.3 Testing for ICMP and ARP (Optional)

[Figure: lab topology showing Pod1 to Pod4, Core-Pod1 to Core-Pod4 and Edge-Pod1 to Edge-Pod4.]

www.alcatel-lucent.com

3HE-02767-AAAA-WBZZA Edition 01

Alcatel-Lucent Scalable IP Networks

Module 5 — Transport Layer

Module Objectives

After successful completion of this module, you should be able to:

Understand the transport layer functions
Understand the concepts of ports and sockets
Discuss the TCP 3-way handshake
Discuss the concept of the TCP window
Understand the TCP method of congestion avoidance
Discuss TCP slow start
Discuss the operation of UDP

Transport Layer Overview

Section 1 — Transport Layer Protocols

Transport Layer

Layer 4 of the OSI model
Responds to requests from the higher layers and relays requests to the network layers
Provides reliable or unreliable transfer of data
Can provide end-to-end error checking and flow control
TCP and UDP are transport protocols for the TCP/IP stack

TCP is connection-oriented while UDP is connectionless

OSI transport layers are TP0, TP1, TP2, TP3, and TP4
TP4 and TCP are functionally similar

Transport Protocol Class 0 (TP0) performs segmentation (fragmentation) and reassembly functions. TP0 discerns the size of the smallest maximum PDU supported by any of the underlying networks, and segments the packets accordingly. The packet segments are reassembled at the receiver.

Transport Protocol Class 1 (TP1) performs segmentation (fragmentation) and reassembly, as well as error recovery. TP1 sequences PDUs and retransmits PDUs or reinitiates the connection if an excessive number of PDUs are unacknowledged.

Transport Protocol Class 2 (TP2) performs segmentation and reassembly as well as multiplexing and demultiplexing of data streams over a single virtual circuit.

Transport Protocol Class 3 (TP3) offers error recovery, segmentation and reassembly, and multiplexing and demultiplexing of data streams over a single virtual circuit. TP3 also sequences PDUs and retransmits them or reinitiates the connection if an excessive number are unacknowledged.

Transport Protocol Class 4 (TP4) offers error recovery, performs segmentation and reassembly, and supplies multiplexing and demultiplexing of data streams over a single virtual circuit. TP4 sequences PDUs and retransmits them or reinitiates the connection if an excessive number are unacknowledged. TP4 provides reliable transport service and functions with either connection-oriented or connectionless network service. TP4, the most commonly used of all the OSI transport protocols, is similar to TCP in the TCP/IP suite.

Both TP4 and TCP are built to provide a reliable, connection-oriented, end-to-end transport service on top of an unreliable network service. The network service may lose packets, store them, deliver them in the wrong order, or even duplicate packets. Both protocols must be able to deal with the most severe problems (e.g., a subnetwork stores valid packets and sends them at a later date). TP4 and TCP both have connect, transfer, and disconnect phases, and their principles of operation during these phases are also quite similar.

Ports

[Figure: application services and their port numbers, carried over TCP and UDP: FTP 21, Telnet 23, HTTP 80, SMTP 25, IMAP 143, DNS 53, TFTP 69, DOOM 666, Gopher 70.]

Ports identify an application service. This is how the transport layer can differentiate between application services. Each process that wants to communicate with another process identifies itself to the transport layer by using one or more port numbers.

A port is a 16-bit number used by the host-to-host protocol to identify to which higher-level protocol or application service it must deliver incoming messages. There are two types of port numbers:

Well-known ports — Well-known port numbers belong to standard servers. Well-known port numbers range from 1 to 1023. These port numbers are assigned by the IANA.

Ephemeral — Client applications do not require well-known port numbers as they initiate communications with servers. Each client process is allocated a port number for as long as it needs it by the host system. Ephemeral port numbers occupy the 1024 to 65535 range and are not controlled by the IANA. Because the host dynamically assigns the port number to the client application, the port number may vary each time that the client application is launched.

Sockets

Unique application handle into the TCP/IP stack
Used to differentiate application users between network hosts
Formulated by using transport protocol, IP address, and application source/destination port numbers
Created at both ends of the data transfer (i.e., source and destination)

Example:

Socket address = Protocol, local IP address, and local port number (e.g., TCP, 138.120.3.1, 15633)

Conversation = Protocol, local IP address, local port number, remote IP address, and remote port number (e.g., TCP, 138.120.3.1, 15633, 137.10.2.2, 23)

Sockets are primarily used to differentiate between applications. Although applications on different hosts can be differentiated using IP addresses and destination address, it is impossible to differentiate between two sessions on the same host for the same application. The sockets also ensure that a datagram that arrives at the wrong host will not be accepted by the transport layer even though the well-known port exists. It is conceivable that an IP header could have its IP address corrupted and might therefore arrive at the wrong device. If the IP checksum is ignored, it is passed to the transport layer, where the port is examined.

Example: There are two Telnet sessions between Host A and Host B. The IP address and destination port numbers are not enough for Host B to differentiate between the two Telnet sessions. In this case, the source port numbers, which are unique for each Host A client session, are required for Host B to distinguish between the packets of each session. A detailed example of Telnet is in the next slide.

In general, a client program, in this case a Telnet request from Host A, uses a unique source port number and uses the well-known port number (23) as the destination port on the server program on Host B.

Transport Example — Telnet

Enable Telnet server application

Create socket address TCP,138.120.168.100,23

Listen to client requests, incoming request from Client 1

Conversation: TCP, 138.120.168.100,23,138.120.191.233,15633

Incoming request from Client 2

Conversation: TCP, 138.120.168.100,23,138.120.191.233,15322

Enable Telnet client 1 application

Create client socket TCP,138.120.191.233,15633

Connect to server

Enable Telnet client 2 application

Create client socket TCP,138.120.191.233,15322

Connect to server

[Figure: Telnet Client 1, Telnet Client 2 and the Telnet server, each on its operating system, connected over TCP/IP.]

PC A wants to Telnet into a server with two applications, A1 and A2.

The IP address of A is 138.120.191.233 and the server address is 138.120.168.200.

Application A1 opens a client session with a socket handle.

Application: Telnet

Source port number: 15633

Destination port number: 23

Transport layer: TCP

Socket handle: TCP, 138.120.191.233, 15633

Application A2

Application: Telnet

Source port number: 15322

Destination port: 23

Transport layer: TCP

Socket handle: TCP, 138.120.191.233, 15322

The server enables the Telnet server and creates a destination socket.

Application: Telnet server

Source port number: 23

Destination port number: 15633,15322

Socket numbers: TCP, 138.120.168.200, 23

Transport Layer Overview

Section 2 — Transmission Control Protocol

Transmission Control Protocol Concepts

[Figure: protocol stacks of Host A and Host B (application service, TCP, IP, network interface). A reliable TCP connection between Port X and Port Y runs over unreliable IP datagrams.]

The primary purpose of TCP is to provide reliable communications between application services. TCP understands that the lower levels are unreliable, so TCP must guarantee the delivery of the data itself.

Data transfer — From the application-services viewpoint, TCP provides a contiguous stream of data through the network. TCP groups the bytes into segments, which it passes to the Internet layer for transmission to the destination.

Reliability — TCP uses sequence numbers for each byte transmitted and expects to receive an acknowledgment from the distant end. If the acknowledgment is not received within a specific interval, the data is retransmitted.

Flow control — The TCP process of the distant end, when sending an acknowledgment back, informs the sender of the number of bytes it can receive above the last TCP segment, without causing an overflow of its internal buffers. This is done by specifying the highest sequence number that it can receive.

Multiplexing — Multiplexing and demultiplexing are achieved using port numbers.

Logical connections — To support reliability and flow control, TCP must initialize and maintain status information for each connection. This status information contains sockets, sequence numbers, and window size. These components combine to form a logical connection.

Full-duplex — TCP maintains full-duplex data streams.

Establishing a TCP Connection

[Figure: application services on Host A (Port X) and Host B (Port Y) connected through TCP.]

1. Active open: SYN, seq=A

2. SYN+ACK: seq=B, ACK A+1

3. ACK: send ACK B+1

Before transmitting any data, TCP must establish a connection between the two application services. This connection establishment is referred to as the “three-way handshake”. As shown in the figure above, the opening TCP segments include the sequence numbers from both sides.

After a session is established between the two hosts, data can be transferred until the session is interrupted or shut down. Data is sent in pieces; each piece forms a TCP segment. A TCP segment is a combination of the data and a TCP header.

Send SYN — This is a request for a session.

Receive SYN — A session request has been received.

ACK — This is the acknowledgment. It tells the sending unit the next sequence number that the receiver expects to see.

This begins with a SYN (Synchronize) segment (as indicated by the code bit) that contains a 32-bit Sequence number A called the Initial Send Sequence (ISS), which is chosen by, and sent from, Host A. The 32-bit sequence number A is the starting sequence number of the data in the packet and increments by 1 for every byte of data sent within the segment (i.e., there is a sequence number for each octet sent). The SYN segment also puts the value A+1 in the first octet of the data.

Host B receives the SYN with sequence number A and sends a SYN segment with its own totally independent ISS number B in the sequence number field. In addition, Host B sends an increment on the sequence number of the last-received segment (i.e., A+1) in its Acknowledgment field. The Acknowledgment number informs the recipient that its data was received at the other end and that it expects the next segment of data bytes to be sent, to start at sequence number A+1. This stage is often called the SYN-ACK. It is here that the MSS is agreed on.

Host A receives the SYN-ACK segment and sends an ACK segment containing the next sequence number (B+1). This is called the Forward Acknowledgment and is received by Host B. The ACK segment is identified by the fact that the ACK field is set. Segments that are not acknowledged within a certain interval are retransmitted.

TCP Header

TCP header layout (each row is 32 bits):

Source Port | Destination Port
Sequence Number
Acknowledgment Number
HLEN | Res. | URG | ACK | PSH | RST | SYN | FIN | Window
Checksum | Urgent Pointer
Options and Padding
Data

Source and Destination ports — Identify the upper-layer applications using the connection

Sequence Number — This 32-bit number ensures that data is correctly sequenced. Each byte of data is assigned a sequence number. The first byte of data by a station in a particular TCP header has its sequence number in this field (e.g., 58000). If this packet has 700 bytes of data in it, the next packet sent by this station will have sequence number 58000 + 700 = 58700.

Acknowledgment Number — This 32-bit number indicates the next sequence number that the sending device is expecting from the other station.

HLEN — Gives the number of 32-bit words in the header. Sometimes called the Data Offset field.

Reserved — Always set to 0

Code bits — The following flags indicate the nature of the header:

URG — Urgent Pointer

ACK — Acknowledgment

PSH — Push function; causes the TCP sender to push all unsent data to the receiver rather than sending segments when it gets around to them (i.e., when the buffer is full).

RST — Reset the connection

SYN — Synchronize sequence numbers

FIN — End of data

Window — Indicates the range of acceptable sequence numbers beyond the last segment that was successfully received. It is the allowed number of octets that the sender of the ACK is willing to accept before an acknowledgment.

Urgent Pointer — Shows the end of the urgent data so that interrupted data streams can continue. When the URG bit is set, the data is given priority over other data streams.

Checksum — Used to verify integrity of the TCP segment. Checksum calculation is performed on the TCP “pseudo-header” and data. This is the IP source and destination addresses, TCP header and the TCP data.

Option — Mainly only the TCP MSS, sometimes called Maximum Window Size or SMSS. A segment is a series of data bytes within a TCP header.
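The header fields and the three-way handshake described above can be exercised directly. This Python sketch is an added example, not part of the student guide: it builds and parses TCP segments, verifies the checksum over the pseudo-header, and checks the SYN, SYN+ACK, ACK numbering. The addresses and ports come from the Telnet example slide; the ISS value B = 91000, the MSS of 1460, the window of 8192 and all function names are constructed.

```python
import socket
import struct
from dataclasses import dataclass

FLAG_BITS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}
TCP_FMT = "!HHIIHHHH"   # ports, seq, ack, HLEN+flags, window, checksum, urgent pointer


def internet_checksum(data: bytes) -> int:
    """16-bit one's-complement sum used by IP, ICMP, UDP and TCP."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def pseudo_header(src_ip: str, dst_ip: str, tcp_len: int) -> bytes:
    """Source and destination IP, a zero byte, protocol 6 (TCP) and the segment length."""
    return (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
            + struct.pack("!BBH", 0, 6, tcp_len))


def build_segment(src_ip, dst_ip, sport, dport, seq, ack, flags,
                  window=8192, options=b"", data=b"") -> bytes:
    options += bytes(-len(options) % 4)              # pad options to a 32-bit boundary
    off_flags = ((5 + len(options) // 4) << 12) | sum(FLAG_BITS[f] for f in flags)

    def header(cksum: int) -> bytes:
        return struct.pack(TCP_FMT, sport, dport, seq, ack,
                           off_flags, window, cksum, 0) + options

    body = header(0) + data
    cksum = internet_checksum(pseudo_header(src_ip, dst_ip, len(body)) + body)
    return header(cksum) + data


@dataclass
class Segment:
    sport: int
    dport: int
    seq: int
    ack: int
    hlen: int            # header length in bytes (HLEN field x 4)
    flags: frozenset
    window: int
    data: bytes
    checksum_ok: bool


def parse_segment(src_ip: str, dst_ip: str, raw: bytes) -> Segment:
    if len(raw) < 20:
        raise ValueError("shorter than the 20-byte fixed TCP header")
    sport, dport, seq, ack, off_flags, window, _ck, _urg = struct.unpack(TCP_FMT, raw[:20])
    hlen = (off_flags >> 12) * 4
    if hlen < 20 or hlen > len(raw):
        raise ValueError("HLEN does not fit the segment")
    flags = frozenset(name for name, bit in FLAG_BITS.items() if off_flags & bit)
    # Summing the segment with its checksum field included yields 0 when intact.
    ok = internet_checksum(pseudo_header(src_ip, dst_ip, len(raw)) + raw) == 0
    return Segment(sport, dport, seq, ack, hlen, flags, window, raw[hlen:], ok)


def next_seq(seg: Segment) -> int:
    """Sequence number after this segment: one per data byte, plus one each for SYN, FIN."""
    return (seg.seq + len(seg.data) + len(seg.flags & {"SYN", "FIN"})) % 2**32


def handshake_ok(syn: Segment, syn_ack: Segment, ack: Segment) -> bool:
    return (syn.flags == {"SYN"} and syn_ack.flags == {"SYN", "ACK"}
            and syn_ack.ack == next_seq(syn) and ack.flags == {"ACK"}
            and ack.seq == syn_ack.ack and ack.ack == next_seq(syn_ack))


# Sockets from the Telnet slide; A, B and the MSS option value are constructed.
CLIENT, SERVER = ("138.120.191.233", 15633), ("138.120.168.100", 23)
A, B = 58000, 91000
MSS = struct.pack("!BBH", 2, 4, 1460)     # option kind 2, length 4, MSS value


def handshake():
    c2s = (CLIENT[0], SERVER[0], CLIENT[1], SERVER[1])
    s2c = (SERVER[0], CLIENT[0], SERVER[1], CLIENT[1])
    syn = build_segment(*c2s, A, 0, ["SYN"], options=MSS)
    syn_ack = build_segment(*s2c, B, A + 1, ["SYN", "ACK"], options=MSS)
    ack = build_segment(*c2s, A + 1, B + 1, ["ACK"])
    return (parse_segment(CLIENT[0], SERVER[0], syn),
            parse_segment(SERVER[0], CLIENT[0], syn_ack),
            parse_segment(CLIENT[0], SERVER[0], ack))


if __name__ == "__main__":
    for seg in handshake():
        print(sorted(seg.flags), seg.seq, seg.ack, seg.hlen, seg.checksum_ok)
```

Because the pseudo-header includes the IP addresses, a segment checked against a different destination address fails the checksum, which is the wrong-host case described in the Sockets notes.
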

TCP Windows

[Figure: send window, receive window and buffered data, with segments numbered 1 to 12.]

TCP uses a send/acknowledge/send scheme to ensure the reliable delivery of data. If this was done one segment at a time, it would still ensure the reliable delivery of the data but would not be a very efficient use of the bandwidth of the link.

TCP uses windows to ensure the reliable delivery of data as well as use the available bandwidth. TCP groups the segments together in the send window and transmits them as a group. However, the transmitting host expects an acknowledgment from the receiver for each individual segment in that group. When the sender has received the acknowledgments, it then moves data from the buffer into the send window and transmits the next group of segments. This is why the send window of the local host and the receive window of the distant host must be the same.

Sliding Windows

[Figure: sliding window over segments 1 to 12, showing the receive window and buffered data at each step. Labels: Can send 1-6, only 1-2 sent; Ack 3; Can send 3-6; Ack 7; Cannot send any; Ack 7; Can send 7-12, only 7-9 sent. Window labels: Wnd 4, Wnd 6, Wnd 0, Wnd 6.]

The concept of sliding windows keeps the network protocol saturated with packets to transmit. Because an acknowledgment is not required for every segment transmitted, network bandwidth is more efficiently used.

During the establishment of a TCP session, the MSS and the receiver’s window size are negotiated. This indicates that the receiver and sender in both directions have decided that, at any one time, a sender can transmit bytes up to the MSS. However, this is not always the case: the transmitter (slow start) will often only transmit a limited number of segments to the receiver, as indicated by the receiver’s window size. The receiver’s window can be thought of as the current buffer size for the received packets. When the sender sends the required number of packets specified by the window size, the receiver buffer is full. If the receive buffer is only partially cleared by the TCP application, the receiver sends back an ACK specifying the new window size, which is the originally negotiated window size minus the partially cleared segments. The sender then slides its window by the number of segments transferred and can only send the number of packets equal to this new window size.

Example:

Assume a negotiated window size of 6 segments.

The sender only sends 2 segments.

The receiver sends an ACK back, indicating the start of the next segment and also a new window size of 4 because the first 2 segments are still buffered.

The sender sends the remainder of the 4 segments, and fills up the receiver’s window.

The receiver sends an ACK 7 with a window size of 0 because its received buffer is full.

The sender is unable to transfer any more segments.

When the TCP application on the receiver side clears the buffer, the sender then transmits 3 segments.
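The example above can be replayed in code. The following is an added illustration, not part of the original course material: the class and function names are hypothetical, and the window is counted in whole segments exactly as the example does (real TCP counts bytes).

```python
"""Receiver-advertised window flow control, counted in whole segments."""
from dataclasses import dataclass, field


@dataclass
class Receiver:
    capacity: int                  # negotiated window size, in segments
    next_expected: int = 1         # value carried in the next ACK
    buffered: list = field(default_factory=list)

    def window(self) -> int:
        """Free buffer space, which is what the receiver advertises."""
        return self.capacity - len(self.buffered)

    def receive(self, segments):
        for seq in segments:
            if seq != self.next_expected or self.window() == 0:
                break              # out of order or no room: not accepted
            self.buffered.append(seq)
            self.next_expected += 1
        return self.next_expected, self.window()

    def application_read(self, count):
        """The application drains the buffer; the ACK reopens the window."""
        del self.buffered[:count]
        return self.next_expected, self.window()


@dataclass
class Sender:
    peer_window: int               # last window advertised by the receiver
    next_seq: int = 1              # next new segment to transmit
    lowest_unacked: int = 1

    def on_ack(self, ack, window):
        self.lowest_unacked, self.peer_window = ack, window

    def send(self, wanted):
        """Send at most what the advertised window still allows."""
        in_flight = self.next_seq - self.lowest_unacked
        usable = max(0, self.peer_window - in_flight)
        count = min(wanted, usable)
        segments = list(range(self.next_seq, self.next_seq + count))
        self.next_seq += count
        return segments


def run_example():
    """Replay the six-segment example; returns (sent, (ack, window)) tuples."""
    rx, tx, log = Receiver(capacity=6), Sender(peer_window=6), []

    def exchange(wanted):
        sent = tx.send(wanted)
        ack = rx.receive(sent)
        tx.on_ack(*ack)
        log.append((sent, ack))

    exchange(2)                    # sender only sends 2 of the 6 allowed
    exchange(6)                    # asks for 6, the window only allows 4
    exchange(6)                    # window is 0: nothing can be sent
    ack = rx.application_read(6)   # application clears the buffer
    tx.on_ack(*ack)
    log.append(([], ack))
    exchange(3)                    # sender transmits 3 segments
    return log


if __name__ == "__main__":
    for sent, (ack, wnd) in run_example():
        print("sent", sent or "nothing", "-> Ack", ack, "Wnd", wnd)
```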


Acknowledgment and Retransmission

[Figure: Acknowledgment and Retransmission. Sender, receive window and buffered data for segments 1 to 12. Labels: Send 1-6; Ack 3; Send 3-8; Ack 3; Retransmit.]

With reference to the slide above, the sender window transmits a group of segments (1 to 6). The receive window receives segments 1 and 2 and acknowledges the receipt of those segments by telling the sender that the next segment it expects to see is sequence number 3. The window slides at the transmitting host.

For some reason, segment 3 is lost. The receive window continues to receive the rest of the segments; however, when it acknowledges the receipt of the segments, it informs the transmitting host that it is still expecting to see segment 3. The sender’s window cannot slide past segment 3. The sender host continues to send all the bytes in the window. Eventually, a timeout will occur and the sending host will retransmit.

The problem arises as to how much information the sender should retransmit. It does know that segment 3 was lost; however, it does not know the status of segments 4 to 6. The decision must therefore be made as to whether the sending host retransmits just segment 3 or all data from segment 3 on.

Each TCP instance is free to react to these outages as it wants: either just retransmit the current missing segment and wait for an acknowledgment to tell it of other segments that may be missing, or transmit everything from segment 3 on and let the receive window deal with the duplicate segments.

This occurs because the acknowledgment does not name the segment that was received; it identifies the next segment that the receiver expects to see.
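The two retransmission choices can be compared with a small model of a cumulative-ACK receiver. This is an added illustration, not part of the original course material; the names are hypothetical, and it simplifies the slide to a single group of segments 1 to 6 with segment 3 lost.

```python
"""Cumulative ACKs with segment 3 lost: resend one segment or everything."""


class CumulativeReceiver:
    def __init__(self):
        self.next_expected = 1      # the ACK always carries this value
        self.out_of_order = set()   # segments held beyond the gap
        self.duplicates = 0         # segments received more than once

    def receive(self, seq):
        if seq < self.next_expected or seq in self.out_of_order:
            self.duplicates += 1
        elif seq == self.next_expected:
            self.next_expected += 1
            # The gap is filled: release everything held behind it.
            while self.next_expected in self.out_of_order:
                self.out_of_order.remove(self.next_expected)
                self.next_expected += 1
        else:
            self.out_of_order.add(seq)
        return self.next_expected


def deliver(receiver, segments, lost=()):
    """Return the ACK generated for each segment that actually arrives."""
    return [receiver.receive(s) for s in segments if s not in lost]


def scenario(strategy):
    """strategy is 'single' (resend only the gap) or 'all' (resend from the gap on)."""
    rx = CumulativeReceiver()
    acks_before = deliver(rx, range(1, 7), lost={3})
    gap = acks_before[-1]           # the sender only learns "3 is expected"
    resent = [gap] if strategy == "single" else list(range(gap, 7))
    acks_after = deliver(rx, resent)
    return {
        "acks_before": acks_before,
        "resent": resent,
        "acks_after": acks_after,
        "duplicates": rx.duplicates,
    }


if __name__ == "__main__":
    for name in ("single", "all"):
        print(name, scenario(name))
```

In both cases the ACKs before the timeout all say 3, so the sender cannot tell from them whether segments 4 to 6 arrived.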


TCP Operation Example

Host 1: 10.10.10.1/24
Host 2: 10.10.10.2/24

Initial 3-way handshake
SYN: Seq.no. 122 (next seq.no. 123) Ack.no. 0 Wnd 8192 LEN = 0B
SYN+ACK: Seq.no. 286 (next seq.no. 287) Ack.no. 123 Wnd 8760 LEN = 0B
ACK: Seq.no. 123 (next seq.no. 123) Ack.no. 287 Wnd 8760 LEN = 0B

Data transfer
Seq.no. 123 (next seq.no. 323) Ack.no. 287 Wnd 8760 LEN = 200B
Ack.no. 323 Wnd 8560
Seq.no. 323 (next seq.no. 723) Ack.no. 287 Wnd 8760 LEN = 400B
Ack.no. 723 Wnd 8160

Closing session
FIN: Seq.no. 723 (next seq.no. 724) Ack.no. 287 Wnd 8760 LEN = 0B
FIN+ACK: Seq.no. X (next seq.no. X+1) Ack.no. 724 Wnd 8160 LEN = 0B
ACK: Seq.no. 724 (next seq.no. 724) Ack.no. 0 Wnd 8760 LEN = 0B

Assumptions:

Although the data transfer and window parameter negotiation occurs as a duplex, the slide above only shows a single-sided transfer.

The session begins with station 10.10.10.1/24 initiating a SYN that contains the sequence number 122, which is the ISS. In addition, the first octet of data contains the next sequence number, 123. There are only zeros in the acknowledgment number field as this is not used in the SYN segment. The window size of the sender starts off as 8192 octets as assumed to be acceptable to the receiver.

The receiving station sends its own ISS (286) in the sequence number field and acknowledges the sender's sequence number by incrementing it by 1 (287), expecting this to be the starting sequence number of the data bytes that will be sent next by the sender. This is called the SYN-ACK segment. The receiver's window size starts off as 8760.

When the SYN-ACK has been received, the sender issues an ACK that acknowledges the receiver's ISS by incrementing it by 1 and placing it in the acknowledgment field (287). The sender also sends the same sequence number that it sent previously (123). This segment is empty of data, and we do not want the session to keep ramping up the sequence numbers unnecessarily. The window size of 8760 is acknowledged by the sender.

From now on ACKs are used until just before the end of the session. The sender now starts sending data by stating the sequence number 123 again because this is the sequence number of the first byte of the data that it is sending. Again, the acknowledgment number 287 is sent, which is the expected sequence number of the first byte of data that the receiver will send. In the above scenario, the sender is initially sending 200 bytes of data in one segment. The network analyzer may indicate the next expected sequence number in the trace: in this case, 123 + 200 = 323. The sender has now agreed on the window size of 8760 and uses it itself.
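The sequence and acknowledgment arithmetic in the slide can be checked mechanically, which is also how a trace reviewer spots a gap or an unexpected segment in a session. The following is an added example, not part of the original course material. The names are hypothetical, the trace is built from the slide's values, and the sequence numbers of Host 2's pure ACKs and FIN (which the slide leaves out or shows as X) are assumed to be 287.

```python
"""Check that a TCP trace's sequence and acknowledgment numbers line up."""
from dataclasses import dataclass, replace
from typing import Optional


@dataclass(frozen=True)
class Segment:
    sender: str                 # "host1" (10.10.10.1) or "host2" (10.10.10.2)
    flags: frozenset
    seq: int
    ack: Optional[int] = None
    length: int = 0             # payload bytes


def seg(sender, flags, seq, ack=None, length=0):
    return Segment(sender, frozenset(flags.split("+")), seq, ack, length)


def next_seq(s):
    """SYN and FIN each consume one sequence number; data consumes its length."""
    consumed = 1 if s.flags & {"SYN", "FIN"} else 0
    return s.seq + s.length + consumed


# Built from the slide; host2's seq on segments 4, 6 and 8 is an assumption.
SLIDE_TRACE = [
    seg("host1", "SYN", 122),
    seg("host2", "SYN+ACK", 286, ack=123),
    seg("host1", "ACK", 123, ack=287),
    seg("host1", "ACK", 123, ack=287, length=200),
    seg("host2", "ACK", 287, ack=323),
    seg("host1", "ACK", 323, ack=287, length=400),
    seg("host2", "ACK", 287, ack=723),
    seg("host1", "FIN", 723, ack=287),
    seg("host2", "FIN+ACK", 287, ack=724),
]


def check_trace(trace):
    """Return (index, field, expected, seen) for every number that does not fit."""
    expected = {}               # sender -> next sequence number it should use
    anomalies = []
    for index, s in enumerate(trace):
        peer = "host2" if s.sender == "host1" else "host1"
        if s.sender in expected and s.seq != expected[s.sender]:
            anomalies.append((index, "seq", expected[s.sender], s.seq))
        if "ACK" in s.flags and peer in expected and s.ack != expected[peer]:
            anomalies.append((index, "ack", expected[peer], s.ack))
        expected[s.sender] = next_seq(s)
    return anomalies


def trace_with_gap():
    """Constructed variant: the 400-byte segment starts 100 bytes too late."""
    trace = list(SLIDE_TRACE)
    trace[5] = replace(trace[5], seq=423)
    return trace


if __name__ == "__main__":
    print("slide trace:", check_trace(SLIDE_TRACE))
    print("with gap:   ", check_trace(trace_with_gap()))
```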


TCP Congestion Control — Slow Start

[Figure: TCP Congestion Control, Slow Start. Send window, receive window and buffered data (segments 1 to 12) over three rounds, with acknowledgments Ack 2, Ack 4 and Ack 7 and the congestion window (cwnd) growing each round.]

Initially, when TCP first establishes a connection, it sends a group of segments of the size specified by the receiving host’s window. If the two hosts are in the same LAN, this should not be an issue. However, if they are in different networks, the possibility of low-speed links exists and the result could be multiple packet discards and multiple retransmissions, causing congestion in the network.

To avoid this situation, TCP uses what is referred to as “slow start”. Slow start creates another window for the sender, called the congestion window (cwnd). The congestion window starts out as one segment. When the sender receives an acknowledgment, it doubles the size of the congestion window to two segments. Again, after an acknowledgment is received, the sender doubles the size of the congestion window to four. This continues until the advertised size of the receive window is reached or until the capacity of the network is reached.

Note that in the slide above at the last step, the sender sends only 3 segments despite its congestion window size being 4 segments. This is because the receiver’s window size at this point is 3 segments.


TCP Congestion Control — Congestion Avoidance

[Figure: TCP Congestion Control, Congestion Avoidance. Steps 1 to 5 showing the send window, receive window and cwnd. Labels: Ack 9; Duplicate Ack; Initiate Slow Start; Start congestion avoidance; Increase one segment at a time.]

Although it is a totally different process, congestion avoidance works hand-in-hand with slow start. With the improvements in network design, the TCP process assumes that packet loss due to damage is rare. Therefore, the loss of a packet must indicate network congestion and that the packet was discarded. The congestion avoidance process has two indications of packet loss:

A timeout occurs.

A duplicate ACK is received.

The slide above shows the process if a duplicate ACK is received. However, if a timeout occurs, the process would be the same. When the duplicate ACK is received, the slow start process is initiated and the congestion window is set back to one segment. It continues to double in size with each acknowledgment until it reaches half the original window size before the duplicate ACK was received. At this point, the congestion avoidance process takes over and increases the congestion window one segment at a time with each received ACK. This cycle continues until the TCP process reaches a steady state.
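The slow start and congestion avoidance behaviour described in the last two slides, as an added simulation that is not part of the original course material. It follows the page's simplified model: one acknowledgment per round, cwnd reset to one segment on a loss indication, and a threshold of half the window in use when the loss was seen. The function name, the initial threshold of 64 segments and the floor of 2 segments on the threshold are assumptions.

```python
"""Congestion window growth: slow start, loss, then congestion avoidance."""
from typing import NamedTuple


class Round(NamedTuple):
    number: int
    phase: str      # "slow start" or "congestion avoidance"
    cwnd: int       # congestion window at the start of the round, in segments
    sent: int       # segments actually sent: min(cwnd, receiver window)


def simulate(rounds, rwnd, loss_rounds=(), initial_ssthresh=64):
    """Return one Round per send/acknowledge cycle.

    rwnd         receiver's advertised window, in segments
    loss_rounds  rounds in which a timeout or duplicate ACK is seen
    """
    cwnd, ssthresh, history = 1, initial_ssthresh, []
    for number in range(1, rounds + 1):
        phase = "slow start" if cwnd < ssthresh else "congestion avoidance"
        sent = min(cwnd, rwnd)              # never exceed the receiver's window
        history.append(Round(number, phase, cwnd, sent))
        if number in loss_rounds:
            ssthresh = max(sent // 2, 2)    # half the window in use at the loss
            cwnd = 1                        # restart slow start
        elif cwnd < ssthresh:
            cwnd = min(cwnd * 2, ssthresh)  # slow start: double per round
        else:
            cwnd += 1                       # avoidance: one segment per round
    return history


if __name__ == "__main__":
    for r in simulate(rounds=11, rwnd=16, loss_rounds={5}):
        print(f"round {r.number:2d}  {r.phase:21s} cwnd={r.cwnd:2d} sent={r.sent:2d}")
```

With a receiver window of 3 segments, the third round has cwnd 4 but sends only 3, which is the situation noted under the slow start slide.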


Transport Layer Overview

Section 3 — User Datagram Protocol


User Datagram Protocol

[Figure: User Datagram Protocol. Application services 1 to 4 on ports 67, 69, 123 and 56981, above a UDP layer that performs multiplexing and demultiplexing, above IP.]

Unlike TCP, UDP offers no delivery guarantees or congestion avoidance. It is considered to be a means of best-effort transport. UDP simply provides a transport mechanism for one application to send a datagram to another application. The responsibility for error recovery or any form of reliability resides with the application itself.

Like TCP, UDP uses port numbers to identify the receiving and sending application processes. It uses these port numbers in its multiplexing and demultiplexing operations.

Because there is no windowing (buffering) or any retransmission capability, UDP has found favor with real-time applications such as VoIP.

The following are some of the well-known UDP port numbers:

Port 67 – DHCP (Dynamic Host Configuration Protocol)

Port 69 – TFTP (Trivial File Transfer Protocol)

Port 123 – NTP (Network Timing Protocol)

Port 520 – RIP (Routing Information Protocol)


UDP Header

[Figure: UDP header layout, 32 bits wide]
Source Port | Destination Port
Length | Checksum
Data

The UDP header is extremely simple when compared to the TCP header. There are no synchronization, sequence, or acknowledgment fields. All that the header contains is the source application port number, the destination application port number, a length field for the length of the data, and a checksum for the UDP pseudo-header and data (IP source and destination addresses, UDP header and UDP data). This gives the UDP packet very little overhead.

Some protocols that use UDP include: SNMP, DNS, and DHCP.
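The four header fields and the pseudo-header checksum can be built and verified in a few lines. This is an added example, not part of the original course material: the function names are hypothetical, the datagram is constructed for the illustration, and the pseudo-header layout (source address, destination address, zero byte, protocol 17, UDP length) is the standard IPv4 one.

```python
"""Build, parse and verify a UDP datagram, including the pseudo-header checksum."""
import ipaddress
import struct

HEADER = struct.Struct("!HHHH")     # source port, destination port, length, checksum
UDP_PROTOCOL = 17


def ones_complement_sum16(data: bytes) -> int:
    """16-bit one's-complement sum with end-around carry."""
    if len(data) % 2:
        data += b"\x00"             # pad odd-length data for the sum only
    total = sum(word for (word,) in struct.iter_unpack("!H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def pseudo_header(src_ip: str, dst_ip: str, udp_length: int) -> bytes:
    """IP source and destination addresses, zero, protocol, UDP length."""
    return (ipaddress.IPv4Address(src_ip).packed
            + ipaddress.IPv4Address(dst_ip).packed
            + struct.pack("!BBH", 0, UDP_PROTOCOL, udp_length))


def build_udp(src_ip, dst_ip, sport, dport, payload: bytes) -> bytes:
    length = HEADER.size + len(payload)
    unsummed = HEADER.pack(sport, dport, length, 0) + payload
    total = ones_complement_sum16(pseudo_header(src_ip, dst_ip, length) + unsummed)
    checksum = (~total & 0xFFFF) or 0xFFFF   # 0 on the wire means "no checksum"
    return HEADER.pack(sport, dport, length, checksum) + payload


def parse_udp(src_ip, dst_ip, segment: bytes) -> dict:
    """Parse a datagram; 'valid' is True, False, or None if no checksum was sent."""
    if len(segment) < HEADER.size:
        raise ValueError("truncated UDP header")
    sport, dport, length, checksum = HEADER.unpack_from(segment)
    if not HEADER.size <= length <= len(segment):
        raise ValueError("length field disagrees with the bytes received")
    segment = segment[:length]
    if checksum == 0:
        valid = None
    else:
        covered = pseudo_header(src_ip, dst_ip, length) + segment
        valid = ones_complement_sum16(covered) == 0xFFFF
    return {"sport": sport, "dport": dport, "length": length,
            "payload": segment[HEADER.size:], "valid": valid}


if __name__ == "__main__":
    # Constructed sample: an ephemeral port talking to port 69.
    datagram = build_udp("10.10.10.1", "10.10.10.2", 56981, 69, b"constructed payload")
    print(parse_udp("10.10.10.1", "10.10.10.2", datagram))
    # Same bytes, different claimed source address: the checksum no longer verifies.
    print(parse_udp("10.10.10.3", "10.10.10.2", datagram)["valid"])
```

Because the IP addresses are part of the checksum input, a datagram that arrives with a different source or destination address than the one it was built for fails verification even though its own bytes are intact.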


Module Summary

This module provided an overview of the protocols in the transport layer.

TCP uses sockets to differentiate between applications.
TCP provides connection-oriented services between hosts.
TCP provides delivery guarantees for data.
UDP uses ports for addressing.
UDP provides a connectionless service.
UDP provides no delivery guarantees for data.


Learning Assessment

1. In TCP, what is a send_SYN used for?
A. Request a session.
B. Synchronize the buffer rate.
C. Synchronize the flow control.
D. Request a retransmission of a missing segment.

2. In TCP, must the send and receive windows on a local host match?
A. Yes
B. No

3. What process works in conjunction with the congestion-avoidance process in TCP when network congestion is detected?
A. Sliding window
B. Acknowledgment
C. Slow start


Learning Assessment (continued)

4. What does UDP use to establish a session?
A. Session request
B. Window size
C. Hello protocol
D. Nothing

5. How does UDP identify the application services that it is supporting?
A. Socket number
B. Port number
C. IP address
D. UDP allows the higher levels to track the application service.


www.alcatel-lucent.com

3HE-02767-AAAA-WBZZA Edition 01


Alcatel-Lucent Scalable IP Networks

Module 6 — IP Routing


Module Objectives

After successful completion of this module, you should be able to:

Discuss the operations and functions of a router
Discuss the uses and benefits of static and default routes
Discuss the operation of the distance vector protocol RIP


IP Routing

Section 1 — Router Functions


Functions of a Router

[Figure: An Ethernet frame (Destination MAC, Source MAC, Type, Payload, FCS) with the Destination IP and Source IP inside the payload; the fields are numbered 1 to 4.]

1. Read the destination MAC address.

2. Check the FCS.

3. Check the protocol and extract the payload.

4. Record the destination IP address.

When a router receives a frame from a LAN, the first task is to read the destination MAC address to ensure that the router is the intended recipient of that frame.

The next step, assuming that the router is the intended recipient of the frame, is to check the FCS to see if there are any errors with the frame. If there are errors, the router discards the frame at this point.

Assuming the frame is received without error, the router checks the Type field to see which protocol is in the payload. The router then strips off the L2 headers and trailer and moves the payload to the L3 protocol.

The L3 protocol is mainly interested in the destination L3 address. It uses this address to make its forwarding decision.


Functions of a Router (cont'd)

[Figure: The packet's Destination IP and Source IP (4), the routing table with columns Network, Protocol and Next-hop (5), and the new L2 frame with Destination MAC, Source MAC, Type, Payload and FCS (6).]

5. Check the routing table to see if the network is reachable.

6. If the network is found, re-encapsulate the packet in an L2 frame.

The router, after examining the destination L3 address, consults its routing table to find out how to best handle the packet. The routing table reflects network reachability information (network). It then shows how the network was learned (protocol): is it local, a static route, or from a dynamic routing protocol? The final piece of information that concerns the router is what interface the packet is forwarded to (next-hop) so that it can reach its destination. If the packet is a network broadcast packet, the router discards the packet.

When the decision has been made, the router forms a new frame by encapsulating the packet in an L2 frame and sends it out the appropriate interface.


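Movement of Data

[Figure: Movement of Data. Device A (IP 1.1.1.2, MAC A, gateway 1.1.1.1 = B) reaches device D (IP 2.2.2.2, MAC D) through two routers: the left router's Ethernet port (IP 1.1.1.1, MAC B), the WAN link 3.3.3.1 to 3.3.3.2, and the right router's Ethernet port (IP 2.2.2.1, MAC C), whose ARP cache holds 2.2.2.2 = D. Three frames are shown, each carrying IP source 1.1.1.2 and destination 2.2.2.2: L2 source A and destination B on the first Ethernet segment, PPP on the WAN, and L2 source C and destination D on the last Ethernet segment.]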

The basic flow of a packet of data through a network is as follows:

Device A (1.1.1.2) wants to send data to server D (2.2.2.2). Because device A is not located on the same segment as that of device D, it must use the default gateway for the segment. This default gateway is seen as IP address 1.1.1.1 in the figure above. Device A will ARP the 1.1.1.1 address to learn the MAC address of the gateway. The router responds with MAC address “B”. Device A is now able to encapsulate the data, as shown in the top block diagram. Note that the source and destination IP addresses identify the overall source and destination devices, whereas the frame source and destination addresses identify the path across the Ethernet segment only.

When the packet arrives at the left router (router B), the router removes the L2 header and trailer, checks its routing table, and determines that the data needs to be sent to the right router (router C). To accomplish this, router B encapsulates the data in a PPP frame and forwards it.

Router C removes the PPP frame and consults its routing table. Noting that the destination IP network is directly connected to its Ethernet port, router C consults its ARP cache to determine the framing. When the destination L2 MAC address is determined, router C can create the frame of data and forward it to router D.

Note that the IP addressing did not change throughout this movement of data. However, the L2 framing changed over each segment that the packet traversed. The IP address identifies a device within the entire network topology, whereas the L2 address identifies a device on that segment only.


Routing Table Entries

A:PE1# show router route-table

===============================================================================
Route Table (Router: Base)
===============================================================================
Dest Prefix                                   Type    Proto    Age         Pref
       Next Hop[Interface Name]                                     Metric
-------------------------------------------------------------------------------
10.1.2.0/24                                   Local   Local    03d23h08m   0
       to-p2r1                                                      0
10.1.3.0/24                                   Local   Local    03d23h08m   0
       to-p3r1                                                      0
10.1.4.0/24                                   Local   Local    04d00h34m   0
       to-p4r1                                                      0
10.2.3.0/24                                   Remote  OSPF     00h41m00s   10
       10.1.2.21                                                    2000
10.2.4.0/24                                   Remote  OSPF     00h41m00s   10
       10.1.2.21                                                    2000
10.3.4.0/24                                   Remote  OSPF     04d00h16m   10
       10.1.3.31                                                    2000
10.10.10.11/32                                Local   Local    06d18h33m   0
       system                                                       0
10.10.10.21/32                                Remote  OSPF     00h41m04s   10
       10.1.2.21                                                    1000
-------------------------------------------------------------------------------
No. of Routes: 8
===============================================================================

As shown in the slide above, there is a lot of information in a routing table. Routing table entries show network reachability information, how the router learned about the network, and how to reach the network that it has learned.

The routing table Protocol field is broken down into three different categories of routes:

Static routes — Static routes are configured by the user. These routes define the next hop that a packet will take to reach a particular network. A static route overrides any routes learned through a dynamic routing protocol. There are two types of static routes: standard static route, which defines a network address and a next-hop, and default route, which uses 0.0.0.0/0 as the network address. This address is the wildcard address. If a packet does not match any destination addresses in the routing table, it matches the default route and takes the next hop in an attempt to get to its destination.

Local routes — These networks belong to directly connected interfaces. In a route look-up, these routes have priority over all others.

Dynamic routes — Dynamic routes are learned via a protocol (OSPF, IS-IS, BGP). Dynamic routes use metrics in the protocol to decide which route to install in the routing table, and they use the preference value to decide which protocol to believe if the network is learned via multiple protocols.

The Metric field is used by the router to decide which route to enter in the forwarding table when it has learned multiple routes to the same destination from the same protocol.

The Preference field is used by the router to decide which route to enter in the forwarding table when it has learned multiple routes to the same destination from different protocols.

When the router performs a routing table lookup it selects the entry with the longest match to the destination IP address in the packet’s destination field.
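The three selection rules described above (preference between protocols, metric within a protocol, longest match at lookup time) can be seen working together in the following added example, which is not part of the original course material and is not router code. The function names are hypothetical. Rows marked "page" come from the route table shown above; rows marked "constructed", including the static preference of 5 and the RIP preference of 100, are assumptions made for the illustration.

```python
"""Route selection: preference, then metric, then longest-prefix match."""
import ipaddress
from typing import NamedTuple


class Route(NamedTuple):
    prefix: ipaddress.IPv4Network
    proto: str
    pref: int       # lower wins between different protocols
    metric: int     # lower wins within the same protocol
    next_hop: str


def route(prefix, proto, pref, metric, next_hop):
    return Route(ipaddress.ip_network(prefix), proto, pref, metric, next_hop)


CANDIDATES = [
    route("10.1.2.0/24", "Local", 0, 0, "to-p2r1"),          # page
    route("10.2.3.0/24", "OSPF", 10, 2000, "10.1.2.21"),     # page
    route("10.2.3.0/24", "OSPF", 10, 3000, "10.1.3.31"),     # constructed: worse metric
    route("10.2.4.0/24", "OSPF", 10, 2000, "10.1.2.21"),     # page
    route("10.2.4.0/24", "RIP", 100, 2, "10.1.3.31"),        # constructed: worse preference
    route("10.10.10.21/32", "OSPF", 10, 1000, "10.1.2.21"),  # page
    route("10.10.10.0/24", "Static", 5, 1, "10.1.3.31"),     # constructed
    route("0.0.0.0/0", "Static", 5, 1, "10.1.2.21"),         # constructed default route
]


def build_table(candidates):
    """Keep one route per prefix: lowest preference, then lowest metric."""
    best = {}
    for r in candidates:
        current = best.get(r.prefix)
        if current is None or (r.pref, r.metric) < (current.pref, current.metric):
            best[r.prefix] = r
    return best


def lookup(table, destination):
    """Longest-prefix match; returns None when nothing (not even a default) matches."""
    address = ipaddress.ip_address(destination)
    matches = [r for r in table.values() if address in r.prefix]
    return max(matches, key=lambda r: r.prefix.prefixlen, default=None)


TABLE = build_table(CANDIDATES)

if __name__ == "__main__":
    for destination in ("10.2.3.7", "10.2.4.7", "10.10.10.21", "10.10.10.99", "192.0.2.1"):
        r = lookup(TABLE, destination)
        print(f"{destination:12s} -> {str(r.prefix):15s} {r.proto:6s} via {r.next_hop}")
```

Preference and metric only compete between routes to the same prefix; at lookup time a more specific prefix wins regardless of either value.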


Routing Protocols

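[Figure: Routing protocol classification. Static (explicitly define next hop on every router / define default route) and Dynamic. Dynamic divides into IGP and EGP. IGP divides into Distance Vector (RIPv1 and RIPv2) and Link State (OSPF, IS-IS). EGP: Path Vector (BGP).]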

Routing protocols can be divided into two main categories: static and dynamic. The dynamic routing protocol can be further divided into two main categories: IGP and EGP.

Interior gateway protocols can be further divided into distance vector and link state protocols.

Distance vector — A DV protocol uses a hop-count metric to take the shortest route to a destination regardless of the bandwidth capability of the path. The common DV protocols are RIPv1 and RIPv2.

Link state — An LS protocol uses a cost metric that is a representation of the status of the link as well as the physical bandwidth of the interface. The LS protocols make their path selection based on the route that has the least cost, which is representative of the path that has the most physical bandwidth. It may not be the shortest path, but it is the best path with regard to bandwidth. Common LS protocols are OSPF and IS-IS.

Path vector — A path vector protocol is a routing protocol, sometimes known as a policy routing protocol, that is used to span different autonomous systems (e.g., BGP). The routing table maintains the autonomous systems that are traversed to reach the destination system.

Exterior gateway protocols — BGPv4 is the current standard for EGP. BGP is a specialized distance vector protocol that chooses the path not based on the number of routers that it must go through but rather based on the number of autonomous systems that it must go through.


Static Routes

static-route in Router 1: Config router static-route 192.168.1.0/24 next-hop 10.1.1.1 metric ?? pref ??

[Figure: Router 1 and Router 2 joined by a link addressed 10.1.1.1/30 and 10.1.1.2/30, with network 192.168.1.0/24.]

Static routes are manually configured and describe the remote destination network and the next hop that a packet must be forwarded to in order to reach the destination. The entry can be a single network or a range of networks.

If the local router does not participate in route advertising (dynamic routing), the remote routers must also have a static entry that defines how to return packets to the local router.

Static routing saves bandwidth and processing as there are no advertisements or updates. However, there is no real-time indication if the destination becomes unreachable.


Default Routes

Static-route in Router 2: Config router static-route 0.0.0.0/0 next-hop 10.1.1.2 metric ??? pref ???

[Figure: Router 1 and Router 2 joined by a link addressed 10.1.1.1/30 and 10.1.1.2/30, with the stub network 192.168.1.0/24.]

A default entry in the routing table is a wildcard entry that fits any destination. This is used when the destination address of a packet is not specifically defined in the routing table. It is recommended for use in stub routers, in which there is only one way for the stub network to get to all remote networks.

The destination network is 0.0.0.0, which describes any network, with a network mask of 0.0.0.0. A default route is a form of static route. It is the selection of the network address and mask (0.0.0.0/0) that define it as a default route.


LAB 2.4-2.5 Static and Default Routes

[Figure: Lab topology. Pod1 to Pod4, each with an Edge router (Edge-Pod1 to Edge-Pod4) and a Core router (Core-Pod1 to Core-Pod4).]


Routing Protocol Basics

[Figure: Network A and Network B connected through Routers 1 to 4. How does Network A send data to Network B?]

All dynamic routing protocols serve the same purpose: to find paths through a network to connect different networks and then to advertise that information to neighbors. The dynamic routing protocols are all built around an algorithm that gives a router the capability of deciding which route to install in the routing table and then advertising that information to its peers.


Path Determination

[Figure: Network A (172.16.1.0/24) and Network B (172.16.2.0/24) connected through Routers 1 to 4. Link addresses: 172.16.3.1/30 and 172.16.3.2/30; 172.16.3.5/30 and 172.16.3.6/30; 172.16.3.9/30 and 172.16.3.10/30; 172.16.3.13/30 and 172.16.3.14/30. Network A can reach Network B via Path 1 or Path 2. Which one is preferred?]

All networks are interconnected through routers and when a router has an interface connecting it to another router, the interface must have an address that belongs to a network. In the figure above, there are six distinct networks. Router 1 knows about networks 172.16.1.0/24, 172.16.3.0/30, and 172.16.3.12/30 because it has interfaces or local connectivity to the networks. Likewise, Router 2 knows about networks 172.16.3.0/30 and 172.16.3.4/30. Router 3 knows about networks 172.16.3.12/30 and 172.16.3.8/30, and Router 4 knows networks 172.16.3.8/30, 172.16.3.4/30, and 172.16.2.0/24.

Router 1’s function is to enter its locally connected networks into its routing table and identify them as locally connected networks. It then takes this information and advertises it to routers 2, 3, and 4. This advertisement is called a router update. Routers 2, 3, and 4 will carry out the same operation, advertising their routing updates to the other routers in the network.

Complexity occurs when a router receives this information. For example, when Router 1 receives the information from Router 2, should it place this information in its routing table? Should it pass this information on to Router 3? If Router 1 has heard about network 172.16.3.4/30 from Router 2 and Router 3, which entry should it put in its routing table?


Metrics

[Figure: Metrics. Router 1's table with columns Network, Next-hop router and Metric. The locally connected networks 172.16.1.0/24 (to Net A), 172.16.3.0/30 (to Router 2) and 172.16.3.12/30 (to Router 3) are listed, and the networks 172.16.3.4/30, 172.16.3.8/30 and 172.16.2.0/24 each appear with two candidate next hops, 172.16.3.2 and 172.16.3.14, and a metric for each.]

As shown in the figure above, Router 1 is being flooded with information about network reachability and which paths it can use to get to those destinations. The router requires a way of determining which path is best when it has received multiple paths to the same destination. This method of determining the best path is referred to as metrics. A metric is a value that is assigned to each path to assist in determining which path is best.

In the figure above, Router 1 sees networks 172.16.1.0/24, 172.16.3.0/30, and 172.16.3.12/30. These are local directly connected interfaces. Each of these networks can reach the others because they are directly connected and are considered the best paths. The other three networks, 172.16.3.4/30, 172.16.3.8/30, and 172.16.2.0/24, can be reached via multiple paths. Therefore, the router must decide on a best path to each of these networks among all the paths. Metrics are one of the criteria used by the router to make this decision.

Metrics depend on the type of protocol used. RIPv1 and RIPv2 use hop count for a metric, OSPF and IS-IS use port bandwidth as a metric, and BGP uses AS path count as a metric. Note that metrics are always 0 for a directly connected network.

The hop-count metric chooses the path that goes through the fewest routers. It does not take into account the bandwidth of the links. With regard to the above example for network 172.16.3.8/30, using hop count, Router 1 would select the path that goes through Router 3. This link could be a T1 while the path through Routers 2 and 4 goes over gigabit Ethernet links.

A bandwidth metric will choose a higher-bandwidth path over a shorter distance. In the previous hop-count metric example, a dynamic protocol that uses bandwidth, such as OSPF and IS-IS, would choose the path through Routers 2 and 4 to reach network 172.16.3.8/30 even though the physical distance is twice as long.

Convergence

[Figure: Router 1, Router 2, Router 3 and Router 4 interconnecting Network A (172.16.1.0/24), Network B (172.16.2.0/24) and the networks 172.16.3.0/30, 172.16.3.4/30, 172.16.3.8/30 and 172.16.3.12/30.]

All dynamic routing protocols require a way of transmitting the information about their locally connected routes to other routers in the network. Routers also require a method of receiving and processing the information. While processing the information, a routing protocol must use its metrics to decide on the best path. Each router calculates the best path to all networks advertised by every other router in the internetwork and places this information in its routing table. The network is said to be in a convergence state when all routers have successfully computed the best paths and placed them in the routing tables.

When the network topology changes, the neighbors must update their routing information and transmit this change throughout the internetwork.

IP Routing

Section 2 — Distance Vector Overview

Distance Vector Overview

[Figure: RTR-A, RTR-B, RTR-C and RTR-D interconnected by one 100 Mb/s link and three 1 Gb/s links.]

- Routers send periodic updates to physically adjacent neighbors
- Updates contain distance (how far) and vectors (direction) for networks

Distance vector routing algorithms (Bellman-Ford) pass periodic copies of a routing table from router to router. Regular (timed-interval) updates between routers communicate topology changes.

Each router receives a routing table from its direct neighbor.

In the figure above, RTR-B receives information from RTR-A.

RTR-B uses the information received from RTR-A to recalculate its routing table.

RTR-B then sends its routing table to RTR-D.

This same step-by-step process occurs in all directions between direct-neighbor routers.

IMPORTANT — With distance vector, no routing table is transmitted beyond the immediate neighbor. For example, RTR-D never sees a routing update directly from RTR-A.

The distance vector algorithm allows network metrics to accumulate and maintains a table showing the next hop for all destinations listed.

Distance Vector Overview (cont'd)

[Figure: an update arrives from a neighbor, is processed and compared with the routing table, and a periodic update is sent to neighbor routers.]

The figure above shows the distance vector step-by-step process for updating all routers in an internet when a topology change occurs.

Each router sends its entire routing table to each of its adjacent neighbors. This table includes reachable addresses, a value representing the distance metric, and the IP address of the first router on the path to each network that it knows about.

As each router receives an update from its neighbor, it calculates a new routing table and transmits that to each of its neighbors at the next timed interval.

In a very large network with many routers, this process can take quite a while.

Distance Vector Problems

Routing loops

- Network changes are sent to all routers at periodic intervals.
- Changes and updates are not sent simultaneously.
- Slow convergence can cause routing loops.
- If Network A becomes unreachable, RTR-A sends an update to RTR-B.
- RTR-B will update RTR-C and RTR-D, but RTR-D can send its periodic update to RTR-C and RTR-B before RTR-B’s update.
- The packet for RTR-A from other routers will go to RTR-D to RTR-B and then back to RTR-D: a routing loop.

[Figure: RTR-A, RTR-B, RTR-C and RTR-D, and Network A (172.16.1.0/24).]

Loop Avoidance

Split horizon — Do not advertise networks back to the source of the network information.

[Figure: RTR-A, RTR-B and RTR-C in a row, with an X at RTR-C. Network 10.0.0.0 is advertised as 1 hop, then 2 hops. Routing tables for 10.0.0.0: 0 hops via 1/1/3; 1 hop via 1/1/1; 2 hops via 1/1/2.]

Split horizon is a loop-avoidance technique for physically adjacent devices. In simplistic terms, split horizon states that an adjacent router will not readvertise a learned network to the router that originally advertised the network.

Without this policy, routers would be susceptible to routing loops. If RTR-C loses network 10.0.0.0, and if RTR-B does not block readvertisements to RTR-C, RTR-C could think that network 10.0.0.0 is accessible via RTR-B. This would cause a loop and a major disruption in traffic flow. To ensure this does not happen, all routers running a distance vector protocol support split horizon.

Loop Avoidance (cont'd)

Route poisoning — When a network goes away, the sourcing router sets the hop value to infinity and sends a triggered update to its neighbors.

[Figure: RTR-A, RTR-B and RTR-C in a row; network 10.0.0.0 has failed (X) and is advertised as 16 hops. Routing tables for 10.0.0.0 before the failure: 0 hops via 1/1/3; 1 hop via 1/1/1; 2 hops via 1/1/2. After the failure: 16 hops via 1/1/3; 16 hops via 1/1/1; 16 hops via 1/1/2.]

Route poisoning is used to speed up convergence. When used in conjunction with triggered updates, the convergence of a network speeds up. Route poisoning is accomplished by the router that is directly connected to the network that goes away. When it determines that the network is not accessible, the router sets the hop count to infinity (16 hops for RIP) and forwards a message to all directly attached neighbors. The neighbors change their routing tables and forward the message to their neighbors on all other links. Note that split horizon still applies when forwarding a route poison advertisement.

In the example above, RTR-C’s Ethernet fails. RTR-C sets its routing entry to infinity and sends an update to RTR-B. RTR-B changes its routing table entry and forwards the change to RTR-A. This ensures that all routers learn of the topology change, and by keeping the route in the routing table, the possibility of creating a false path to network 10.0.0.0 is decreased.

Loop Avoidance (cont'd)

Poison reverse — The only time that split horizon is violated. Poison reverse helps to avoid loop creation when a network fails.

[Figure: RTR-A, RTR-B and RTR-C in a row; network 10.0.0.0 has failed (X) and is advertised as 16 hops, and each receiving router sends a 16-hop poison reverse back. Routing tables for 10.0.0.0 before the failure: 0 hops via 1/1/3; 1 hop via 1/1/1; 2 hops via 1/1/2. After the failure: 16 hops via 1/1/3; 16 hops via 1/1/1; 16 hops via 1/1/2.]

Poison reverse is the only time that split horizon is violated in a distance vector routing protocol environment. The idea of poison reverse is to confirm to the preceding device that the update about a network going away has been recorded. This response to the originator also ensures that a loop-free topology is created.

In the example above, RTR-C’s Ethernet fails. RTR-C sets its routing entry to infinity and sends an update to RTR-B. RTR-B changes its routing table entry and forwards the change to RTR-A. RTR-B also sends a poison reverse message back out the interface that RTR-C’s message came in on. This ensures a loop-free topology. When RTR-A gets the route poisoning message from RTR-B, it also sends a poison reverse message back on the interface that the message was received on.

Loop Avoidance (cont'd)

Hold-down timers — Provide time for other routers to converge and reduce the creation of loops when a network fails

[Figure: RTR-A, RTR-B and RTR-C in a row; network 10.0.0.0 has failed (X) and is advertised as 16 hops. Each router runs a hold-down timer of 180 seconds. Routing tables for 10.0.0.0 before the failure: 0 hop via 1/1/3; 1 hop via 1/1/1; 2 hop via 1/1/2. After the failure: 16 hop via 1/1/1; 16 hop via 1/1/0; 16 hop via 1/1/1.]

Hold-down timers keep the failed network in the routing table, with the hop count set to infinity, for a predetermined period of time. This allows time for the other routers in the network to receive the topology change update without causing loops.

In the example above, RTR-C’s Ethernet fails. RTR-C sets its routing entry to infinity and sends an update to RTR-B. RTR-B changes its routing table entry by changing the metric to infinity, and it starts its hold-down timer. RTR-B will not remove the route until the hold-down timer has expired. This ensures that all routers learn of the topology change without causing a loop during convergence. Keeping the route in the routing table decreases the possibility of creating a false path to network 10.0.0.0.

Note that RIP does not make use of a hold-down timer.

Topology Change

Combined loop-avoidance mechanisms would look something like this example:

[Figure: RTR-A, RTR-B and RTR-C in a row; network 10.0.0.0 has failed (X) and is advertised as 16 hops, each receiving router sends a 16-hop poison reverse back, and each router runs a hold-down timer of 180 seconds. Routing tables for 10.0.0.0 before the failure: 0 hops via 1/1/3; 1 hop via 1/1/1; 2 hops via 1/1/2. After the failure: 16 hop via 1/1/0; 16 hop via 1/1/1; 16 hop via 1/1/0.]

When combined, the mixture of route poisoning, poison reverse, triggered updates, and hold-down timers provides a robust loop-avoidance technique when routes fail in a network.

In the example above, RTR-C’s Ethernet fails. RTR-C sets its routing entry to infinity, sets the hold-down timer, and sends an update to RTR-B. RTR-B changes its routing table entry, sets the hold-down timer, and forwards the change to RTR-A. RTR-B also sends a poison reverse message back out the interface that RTR-C’s message came in on. When RTR-A gets the route poisoning message from RTR-B, it also sends a poison reverse message back on the interface that the message was received on. In addition, it modifies the routing entry by setting it to infinity and invokes its hold-down timer.
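The count-to-infinity behavior that split horizon and poison reverse prevent can be reproduced with a small simulation. This is an added example, not part of the course material: it models the RTR-A, RTR-B, RTR-C chain from the slides with synchronous update rounds (a simplification; hold-down timers and triggered updates are not modeled), and the function and mode names are chosen here.

```python
"""Distance-vector convergence after a failure, with and without loop avoidance."""

INFINITY = 16   # RIP's "unreachable" hop count
LINKS = {"RTR-A": ["RTR-B"], "RTR-B": ["RTR-A", "RTR-C"], "RTR-C": ["RTR-B"]}


def advertised_metric(table, sender, receiver, mode):
    """Metric `sender` puts in its update to `receiver`, or None if suppressed."""
    metric, next_hop = table[sender]
    if next_hop == receiver:             # route was learned from this neighbor
        if mode == "split_horizon":
            return None                  # do not advertise it back
        if mode == "poison_reverse":
            return INFINITY              # advertise it back as unreachable
    return metric                        # mode "none": readvertise as-is


def run_round(table, mode):
    """One update interval: all routers send from the old table, then process."""
    updates = [(s, r, advertised_metric(table, s, r, mode))
               for s in sorted(LINKS) for r in LINKS[s]]
    new_table = dict(table)
    for sender, receiver, metric in updates:
        if metric is None:
            continue
        cur_metric, cur_hop = new_table[receiver]
        if cur_hop == "local":
            continue                     # directly connected network wins
        candidate = min(metric + 1, INFINITY)
        # An update from the current next hop is always believed, even if it
        # is worse; an update from anyone else must be strictly better.
        if sender == cur_hop or candidate < cur_metric:
            new_table[receiver] = (candidate, sender)
    return new_table


def simulate_failure(mode, max_rounds=40):
    """Fail 10.0.0.0 on RTR-C and count rounds until every router shows 16."""
    # Converged state from the slides: 0, 1 and 2 hops to 10.0.0.0.
    table = {"RTR-A": (2, "RTR-B"), "RTR-B": (1, "RTR-C"), "RTR-C": (0, "local")}
    table["RTR-C"] = (INFINITY, None)    # RTR-C's Ethernet fails (route poisoned)
    false_route, history = False, []
    for rounds in range(1, max_rounds + 1):
        table = run_round(table, mode)
        history.append({name: metric for name, (metric, _) in table.items()})
        if table["RTR-C"][0] < INFINITY:
            false_route = True           # RTR-C believes a path exists via RTR-B
        if all(metric == INFINITY for metric, _ in table.values()):
            return {"rounds": rounds, "false_route": false_route,
                    "history": history}
    return {"rounds": None, "false_route": false_route, "history": history}


if __name__ == "__main__":
    for mode in ("none", "split_horizon", "poison_reverse"):
        result = simulate_failure(mode)
        print(mode, "rounds:", result["rounds"],
              "false route at RTR-C:", result["false_route"])
```

Without any protection the hop count climbs round by round until it reaches 16, which is why the 16-hop ceiling bounds how long a false path can persist.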

IP Routing

Section 3 — Configuring RIP

RIPv1 — Overview

- Uses hop-count metric
- Advertises updates with broadcast addressing
- Maximum of 15 hops; 16 equals infinity
- Maximum of 25 network entries per packet
- 30-second advertisement interval
- No security or authentication
- Classful routing protocol

RIPv1 was originally outlined in June 1988 and is defined in RFC 1058.

RIP is an IGP that uses a distance vector algorithm to determine the best route to a destination, using hop count as the metric. A hop is a network-layer device such as a router. For the protocol to provide complete information on routing, every router in the domain must participate in the protocol. RIP is a routing protocol based on a distance vector (Bellman-Ford) algorithm, which advertises network reachability by advertising the prefix/mask and the metric (also known as hop count or cost).

RIPv1 uses broadcast updates to advertise the networks. In the updates, the maximum number of networks that can be advertised per packet is 25. Therefore, if a router needs to advertise 30 networks to its peers, it will send 2 packets every 30 seconds. The first will contain 25 network entries, and the second will contain the remaining 5 network entries. Alcatel-Lucent supports modification of this parameter to a maximum of 255 network entries per packet.

By default, RIP advertises all RIP routes to each peer every 30 seconds. In RIP, the hop metric is limited to a maximum value of 15 hops, i.e., networks can be no more than 15 routers away. To signify that a network is unreachable, the hop value is set to 16, which equates to infinity for RIP. Each router along the path increments the hop count value by 1. The maximum number of hops in a path is 15. If a router receives a routing update with a metric of 15 that contains a new or modified entry, increasing the metric value by 1 will cause the metric to increment to 16 (infinity). Then, the destination is considered unreachable. The 7750 SR implementation of RIP uses split horizon with poison reverse to protect from such problems as “counting to infinity”. Split horizon with poison reverse means that routes learned from a neighbor through a given interface are advertised in updates out of the same interface but with a metric of 16 (infinity).

RIPv1 does not support any security or authentication mechanism. However, the more modern version, RIPv2, does have built-in authentication.

The 7750 SR software supports RIPv1 and RIPv2. RIPv1 was written and implemented prior to the introduction of CIDR. Therefore it is a classful routing protocol. It assumes the following netmask information for non-local routes, based on the class the route belongs to:

Class A — 8-bit mask

Class B — 16-bit mask

Class C — 24-bit mask

RIPv2 Overview

RIPv2 is an evolution of RIPv1. In addition to supporting all RIPv1 features, it supports:

- VLSM
- Authentication of routing updates
- Next-hop addresses carried with each route entry
- External route tags
- Multicast route updates

RIPv2 is a classless routing protocol.

RIPv1 vs. RIPv2

RIPv1                                      RIPv2
Classful routing protocol                  Classless routing protocol
Broadcast updates every 30 seconds         Multicast updates every 30 seconds
All updates sent in clear                  Support for MD5
No method of identifying external routes   Tagging of external routes
Hop-count metric                           Hop-count metric
16 hops equal infinity                     16 hops equal infinity

RIP Neighbors

[Figure: Router 1, Router 2, Router 3 and Router 4. Router 4 has two neighbors, Router 2 and Router 3. Router 1 has two neighbors, Router 2 and Router 3.]

When a routing protocol refers to neighbors, it is referring to other routers that share a common data link. A distance vector protocol such as RIP sends its updates to its neighbors and relies on them to pass the information on through the internetwork.

This process is referred to as hop-by-hop updating.

RIP Messages

[Figure: Request and Response messages exchanged among Router 1, Router 2, Router 3 and Router 4.]

The RIP routing process is a distance vector routing process and operates using UDP port 520. RIP defines two message types: request and response messages. The request message is used to ask RIP neighbors to send an update. The response message is the update itself.

On startup, a RIP router broadcasts or multicasts a packet carrying a RIP request message out of all the RIP-enabled interfaces. When the RIP neighbors receive this message, they generate a response message in the form of an update.
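Because RIPv1 sends every update in the clear and RIPv2 authentication has to be configured, a monitoring point can audit the RIP datagrams it sees on UDP port 520. This is an added example, not from the course material: the 4-byte header, the 20-byte entry layout and the authentication type numbers follow the RIPv2 RFCs rather than anything shown on these slides, the finding names are chosen here, and the sample datagrams are constructed (the authentication digest is not verified).

```python
"""Audit a RIP datagram (UDP payload) for missing or weak authentication."""
import socket
import struct

COMMANDS = {1: "request", 2: "response"}
AUTH_AFI = 0xFFFF      # address-family value that marks an authentication entry
AUTH_PLAINTEXT = 2     # simple password, carried in the clear
MAX_ENTRIES = 25       # maximum entries per packet
INFINITY = 16


def audit_rip(payload):
    """Return the command, version, advertised routes and a list of findings."""
    if len(payload) < 4 or (len(payload) - 4) % 20:
        return {"error": "length is not 4 + 20*n bytes"}
    command, version, _zero = struct.unpack("!BBH", payload[:4])
    entries = [payload[i:i + 20] for i in range(4, len(payload), 20)]
    routes, findings, authenticated = [], [], False

    for index, entry in enumerate(entries):
        afi, tag_or_type = struct.unpack("!HH", entry[:4])
        if afi == AUTH_AFI:
            if version == 2 and index == 0:
                authenticated = True
                if tag_or_type == AUTH_PLAINTEXT:
                    findings.append("plaintext-password")
            continue                   # authentication data, not a route
        addr, mask, _next_hop, metric = struct.unpack("!4s4s4sI", entry[4:])
        if not 1 <= metric <= INFINITY:
            findings.append("bad-metric")
        prefix = socket.inet_ntoa(addr)
        if version == 2:               # RIPv1 is classful and carries no mask
            prefix += "/%d" % bin(int.from_bytes(mask, "big")).count("1")
        routes.append((prefix, metric))

    if len(entries) > MAX_ENTRIES:
        findings.append("too-many-entries")
    if COMMANDS.get(command) == "response":
        if version == 1:
            findings.append("ripv1-no-auth")
        elif not authenticated:
            findings.append("ripv2-unauthenticated")
    return {"command": COMMANDS.get(command, "unknown"), "version": version,
            "routes": routes, "findings": findings}


def build_sample(version, routes, auth_type=None):
    """Constructed response datagram; authentication data is zero-filled."""
    body = struct.pack("!BBH", 2, version, 0)
    if auth_type is not None:          # 2 = simple password, 3 = keyed MD5
        body += struct.pack("!HH16s", AUTH_AFI, auth_type, b"")
    for addr, masklen, metric in routes:
        mask = 0
        if version == 2:
            mask = (0xFFFFFFFF << (32 - masklen)) & 0xFFFFFFFF
        body += struct.pack("!HH4sI4sI", 2, 0, socket.inet_aton(addr),
                            mask, b"", metric)
    return body


if __name__ == "__main__":
    samples = {
        "RIPv1": build_sample(1, [("10.1.1.0", 24, 1)]),
        "RIPv2, no auth": build_sample(2, [("10.1.1.0", 24, 1)]),
        "RIPv2, password": build_sample(2, [("10.1.1.0", 24, 1)], auth_type=2),
        "RIPv2, MD5": build_sample(2, [("10.1.1.0", 24, 1)], auth_type=3),
    }
    for name, datagram in samples.items():
        print(name, audit_rip(datagram))
```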

RIP Updates

[Figure: Router 1, Router 2, Router 3 and Router 4 exchanging updates; each RIP update includes the entire routing table (25 entries).]

Distance vector protocols normally assume that the neighbor knows nothing. Therefore, when a distance vector protocol sends an update it contains everything from its routing table. The neighbor takes what it needs from the update and discards the rest.

An update message can hold a maximum of 25 routes per update. RIP routers then continue to send complete updates (the entire routing table) every 30 seconds.

The response or update message timer that initiates the generation of the update message has a random variable to prevent table synchronization (all routers sending their updates at the same time). As a result of this random variable, the time between individual updates can be from 25 to 35 seconds.

RIP Operation

[Figure: routers A, B, C and D in a row, with network 10.1.1.0/24 and a network cloud (assume 12 routers separate Router B & C). Updates for 10.1.1.0/24: update from A, 1 hop; update from B, 2 hops; update received by C, 14 hops; update from C, 15 hops.]

Routing Table   Destination    Metric   Valid
A               10.1.1.0/24    0        Yes
B               10.1.1.0/24    2        Yes
C               10.1.1.0/24    15       Yes
D               Route INVALID, do not populate in table

By default, the RIP router advertises all RIP routes to each neighbor every 30 seconds. RIP uses a hop-count metric to determine the distance between the packet source and the packet destination. The metric value for a valid route is 1 to 15 inclusive. A route that has a metric value of 16 (infinity) indicates that the route is no longer valid and should be removed from the routing table.

In the slide above, router A sends an Update message containing the route 10.1.1.0/24, with a metric of 0, to router B. Router B updates the metric for the route by adding the cost of the network on which the message arrived. If the result is greater than infinity, infinity (16) is used; that is, metric = MIN (metric + cost, infinity). It then checks whether there is already an explicit route for the destination address. If there is no such route, router B adds this route to its routing table with the newly calculated metric of 2. It also initializes the Timeout timer for the route. It then triggers a new Update message about this route (10.1.1.0/24), which it sends to its neighbor(s) (into the network cloud, in the slide above).

This process is repeated at each router within the cloud that receives an Update about route 10.1.1.0/24. Hence, router C receives an Update containing route 10.1.1.0/24 with a metric of 14. It calculates the metric value as 15, adds the route to its routing table and sends a new Update message about this route to router D.

Router D calculates the new metric value as 16. As this value indicates that the route is unreachable, router D does not populate this route in its routing table.

If a router already has an entry in its database for the route received in the Update, then the following occurs:

- If this datagram is from the same router as the existing route, the router reinitializes the timeout.

- If the datagram is from the same router as the existing route, and the new metric is different or lower than the old one, the route and associated info contained in the update replace the existing route entry. The router then sends an Update about this route to its neighbors.

- If the new metric associated with the route is infinity, then the Flush timer is initiated. The route is no longer used for routing packets. Note that the deletion process (Flush timer) is started only when the metric is first set to infinity. If the metric was already infinity, then a new deletion process is not started.

RIP Timers

RIP uses the following three timers:

Update Timer: frequency with which a router sends an update about its routes to its neighbors

Timeout Timer: amount of time within which a router must receive an update about a route. If the timeout timer expires and no update has been received, the route is declared Invalid, but is kept in the RIP database

Flush Timer: amount of time a route that has been declared Invalid remains in the database before being removed

By default, every 30 seconds a RIP router sends an unsolicited update message containing its complete routing table to all its peers.

Each route has two timers associated with it: the timeout and flush timers. If the Timeout timer expires and no updates have been received about a given route, that route is marked invalid, but is maintained in the routing table for a short time so that neighbors can be notified that the route has been dropped. The invalid route is still included in the route updates sent by the router until the flush timer expires. When the flush timer expires, the invalid route is removed from the routing table. If an update about the invalid route is received while the flush timer is running, the new route update will replace the one that is about to be deleted. In this case the flush timer must be cleared.

On the 7x50 SR/ESS, the default values for the update, timeout and flush timers are, respectively, 30 seconds, 180 seconds and 120 seconds.

RIP Timers (cont’d)

[Figure: timeline of route 10.1.1.0/24 as router A sends updates to router B. Update Timer = 30s, Timeout Timer = 180s, Flush Timer = 120s.]

Time     Event at router B           Result
T=0s     Router B receives update    Timeout timer starts
T=30s    Router B receives update    Timeout timer resets
T=210s   No update received          Router B declares route Invalid; flush timer starts
T=300s   Router B receives update    Router B clears flush timer and resets timeout timer; route is Valid
T=480s   No update received          Router B declares route Invalid; flush timer starts
T=600s   Still no update received    Router B removes route from routing table

In the above slide, router A sends an update to router B about the route 10.1.1.0/24. At time T=0 seconds, router B receives the update and populates the route in its routing table. It also initializes the timeout timer. After 30 seconds, router A sends another update about the route 10.1.1.0/24, which is received by router B. Router B resets the timeout timer associated with this route. After 180 seconds, router B receives no updates about the route 10.1.1.0/24. The associated timeout timer expires, and router B declares the route invalid. Router B also initializes the flush timer. After 90 seconds, router B receives an update about route 10.1.1.0/24. It replaces the route entry with the info in the new update (route is valid again), clears the flush timer and initializes the timeout timer. After 180 seconds, router B receives no updates about route 10.1.1.0/24 and declares it invalid, as the timeout timer has expired. After 120 seconds, router B still does not receive any update about route 10.1.1.0/24, and as the flush timer has now expired, it deletes the route from its routing table.
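The timeline above can be replayed as a small state machine, which also shows how long a route lingers once updates stop arriving. This is an added example, not code from the course material: the function and event names are chosen here, the defaults are the 7x50 timer values quoted above (timeout 180 s, flush 120 s), and the 35-second limit is the upper end of the 25 to 35 second update spacing described earlier.

```python
"""Replay RIP timeout and flush timers for one route from update arrival times."""

END = float("inf")   # sentinel: no further updates arrive


def replay(update_times, timeout=180, flush=120):
    """Return [(time, event)] for a route given the times updates were received."""
    events, state, deadline = [], "absent", None
    for t in sorted(update_times) + [END]:
        # Fire every timer that expires before the next update arrives.
        while state != "absent" and deadline < t:
            if state == "valid":
                events.append((deadline, "invalid"))    # timeout timer expired
                state, deadline = "invalid", deadline + flush
            else:
                events.append((deadline, "flushed"))    # flush timer expired
                state, deadline = "absent", None
        if t == END:
            break
        if state == "absent":
            events.append((t, "installed"))
        elif state == "valid":
            events.append((t, "refreshed"))             # timeout timer resets
        else:
            events.append((t, "revalidated"))           # flush timer cleared
        state, deadline = "valid", t + timeout
    return events


def state_at(events, t):
    """State of the route ('valid', 'invalid' or 'absent') at time t."""
    state = "absent"
    for when, what in events:
        if when > t:
            break
        state = {"invalid": "invalid", "flushed": "absent"}.get(what, "valid")
    return state


def late_gaps(update_times, max_interval=35):
    """Pairs of consecutive updates spaced further apart than the jitter allows."""
    times = sorted(update_times)
    return [(a, b) for a, b in zip(times, times[1:]) if b - a > max_interval]


if __name__ == "__main__":
    slide_updates = [0, 30, 300]     # arrival times shown on the slide
    for when, what in replay(slide_updates):
        print("T=%ds %s" % (when, what))
    print("late gaps:", late_gaps(slide_updates))
```

With the defaults, a route whose updates stop is still advertised as invalid for 120 seconds after the 180-second timeout, so it stays in the database for 300 seconds after the last update.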

RIP — Pinhole Congestion

[Figure: networks 10.1.1.0/24 and 101.10.1.0/24 joined by two paths, one over three GigE links and one over T1 links, with the traffic flow marked.]

The only metric used by RIP in its routing computation is hop count. The figure above shows that, despite having a higher-bandwidth path through the top of the network, RIP always chooses the route or path with the fewest hops. In this case, all traffic will flow across the T1 link, leaving the gigabit Ethernet path unused. This is known as pinhole congestion.

Basic RIP Configuration

All RIP instances must be explicitly created on each device. Once created, RIP is administratively enabled.

To configure RIP, perform the following tasks:

- Configure interfaces
- Configure policy statements (optional)
- Enable RIP
- Configure group parameters
- Configure neighbor parameters

Note that routers will not automatically advertise routes with RIP. A route policy must be created and applied to RIP to dictate which routes are to be advertised.

Basic RIP Configuration Example

PE3>config>router>rip# info
----------------------------------------------
        export RIP_policy
        group "RIP-A"
            neighbor "to-pe2"
            neighbor "to-pe1"
            exit
        exit
----------------------------------------------
PE3>config>router>rip#

Show RIP Neighbors

PE3>show>router>rip# neighbor
===============================================================================
RIP Neighbors
===============================================================================
Interface            Adm    Opr    Primary IP       Send     Recv     Metric
                                                    Mode     Mode     In
-------------------------------------------------------------------------------
To-pe1               Up     Up     192.168.1.1      BCast    Both     1
To-pe2               Up     Up     192.168.1.10     BCast    Both     1
-------------------------------------------------------------------------------
No. of RIP Neighbors: 2
===============================================================================

The slide above shows the neighbor information of the RIP routing protocol, including the interfaces that RIP is running on and the addresses of these interfaces.

Note that the send mode is set to broadcast. This is the default value so that RIPv2 is backward-compatible with routers that are running RIPv1. This can be manually configured to multicast. The receive mode is set to both so that it can receive updates from either RIPv1 or RIPv2 routers. Finally, the metric is one hop for these interfaces.

Show RIP Peers

PE3# show router rip peers
=================================================================
RIP Peers
=================================================================
Peer IP Addr     Interface Name     Version     Last Update
-----------------------------------------------------------------
10.10.10.1       to-pe1             RIPv2       0
10.10.10.2       to-pe2             RIPv2       2
-----------------------------------------------------------------
No. of Peers: 2
=================================================================

The slide above shows the peer information of the RIP routing protocol, including the IP addresses of the peers, the name of the interfaces to reach them, the version of RIP that is running on those interfaces, and the last updated sent to the peer.

Peer IP Addr : The IP address of the peer router.Interface Name: The peer interface name.Version: The version of RIP running on the peer.Last Update : The number of seconds since the last update sent to the peer.


Show RIP Database

ND184>show>router>rip# database
===========================================================================
RIP Route Database
===========================================================================
Destination       Peer          Interface   Met   TTL   Valid
---------------------------------------------------------------------------
172.0.0.181/32    192.168.1.2   to182       2     172   No
172.0.0.181/32    192.168.1.9   to181       1     164   Yes
172.0.0.182/32    192.168.1.2   to182       1     172   Yes
172.0.0.182/32    192.168.1.9   to181       2     164   No
192.168.1.4/30    192.168.1.2   to182       1     172   Yes
192.168.1.4/30    192.168.1.9   to181       1     164   No
---------------------------------------------------------------------------
No. of Routes: 6

The slide above shows the RIP database summary information, including all networks and addresses of the peers from which the router has received the updates.

Note that the routes are marked as either valid or not valid. The valid routes are the ones that have the fewest hops (metric) associated with them.


Show RIP Update

ND184>show>router>rip# database detail
===============================================================================
RIP Database (Detail)
===============================================================================
Destination : 172.0.0.181/32      Next Hop : 0.0.0.0
Interface   : to182               Peer     : 192.168.1.2
Metric      : 2                   Tag      : 0x0000
TTL         : 167                 Valid    : No

Destination : 172.0.0.181/32      Next Hop : 0.0.0.0
Interface   : to181               Peer     : 192.168.1.9
Metric      : 1                   Tag      : 0x0000
TTL         : 162                 Valid    : Yes

The slide above shows a portion of the information that is carried in a RIP update message. A single update message can carry a maximum of 25 networks. The information shown is similar to the database summary information shown in the previous slide.


Show RIP Group

ND184>show>router>rip# group detail
=========================================================================
RIP groups (Detail)
=========================================================================
-------------------------------------------------------------------------
Group "rip"
-------------------------------------------------------------------------
Description    : No Description Available
Admin State    : Up                  Oper State   : Up
Send Mode      : Broadcast           Receive Mode : Both
Metric In      : 1                   Metric Out   : 1
Split Horizon  : Enabled             Check Zero   : Disabled
Message Size   : 25                  Preference   : 100
Auth. Type     : None                Update Timer : 30
Timeout Timer  : 180                 Flush Timer  : 120
Export Policies: rip
Import Policies: None
=========================================================================

The slide above shows the configuration information that is applied to all RIP neighbors that belong to this group. The RIP neighbors are the interfaces that are part of the RIP routing process.

Any changes that are made to the group are automatically pushed down to all neighbors that belong to the group. This eases configuration.


Module Summary

Router functions
Routing loops
Static and default routes
Distance vector
Issues with distance vector
Loop-avoidance mechanisms
    Split horizon
    Route poisoning
    Poison reverse
    Hold-down timers
RIPv1 and RIPv2
General RIP operations and updates
RIP show commands


Learning Assessment

1. The Layer 2 address is used by the router to make its forwarding decision.
   A. True
   B. False

2. What is the preference value found in the routing table used for?
   A. Differentiate between multiple routes to a destination learned by the same protocol
   B. Differentiate between multiple routes to a destination learned by different protocols
   C. Serves no purpose

3. Static routes do not respond in real time to a failure.
   A. True
   B. False


Learning Assessment (cont'd)

4. What are the functions of a routing protocol? Choose all that apply.
   A. Calculate an optimal path through a network.
   B. Notify applications of inability to reach destination.
   C. Advertise network reachability information to neighbors.
   D. Apply flow control to traffic to reduce congestion.

5. What is the maximum number of routes that can be carried in a RIPv1 update message?
   A. 15
   B. 25
   C. 30
   D. 45


Learning Assessment Answers


1. The Layer 2 address is used by the router to make its forwarding decision.
   A. True
   B. False

2. What is the preference value found in the routing table used for?
   A. Differentiate between multiple routes to a destination learned by the same protocol
   B. Differentiate between multiple routes to a destination learned by different protocols
   C. Serves no purpose

3. Static routes do not respond in real time to a failure.
   A. True
   B. False

4. What are the functions of a routing protocol? Choose all that apply.
   A. Calculate an optimal path through a network.
   B. Notify applications of inability to reach destination.
   C. Advertise network reachability information to neighbors.
   D. Apply flow control to traffic to reduce congestion.

5. What is the maximum number of routes that can be carried in a RIPv1 update message?
   A. 15
   B. 25
   C. 30
   D. 45


LAB 3.1 - Basic RIP Configuration

[Figure: lab topology with Pod1, Pod2, Pod3 and Pod4; routers Core-Pod1 to Core-Pod4 and Edge-Pod1 to Edge-Pod4; routing protocol: RIP]


www.alcatel-lucent.com

3HE-02767-AAAA-WBZZA Edition 01


Alcatel-Lucent Scalable IP Networks

Module 7 — Link-State Routing Protocols


Module Objectives

After successful completion of this module, you should be able to:

Understand link state protocol behavior
Understand the terminology used in OSPF
Understand the concepts of areas used in OSPF
Describe the contents of the different databases used in the OSPF routing process
Discuss the different link state advertisements used in OSPF
Configure and verify a simple (flat) OSPF network
Configure and verify a hierarchical OSPF network


Link-State Routing Protocols

Section 1 — Link State Overview


Distance Vector vs. Link State

Distance vector
    Views the network topology from the neighbor’s perspective
    Adds distance vectors from router to router
    Frequent, periodic updates: slow convergence
    Passes copies of the routing table to neighbor routers

Link state
    Gets a common view of the entire network topology
    Calculates the shortest path to other routers
    Event-triggered updates: faster convergence
    Passes link-state routing updates to other routers

Link state and distance vector can be compared in several key areas:

1. Distance vector sees everything and learns everything as "next hop". Link state obtains a wide view of the entire internetwork topology by accumulating all necessary LSPs.

2. Distance vector determines the best path by adding to the metric value it receives as tables move from router to router. With link state, each router calculates its own shortest path to destinations.

3. Distance vector is a daisy chain of tables passed using periodic table updates. This leads to slow convergence, particularly in large networks.

4. With link state, updates are triggered by topology changes. Relatively small LSPs are passed to all other routers or to a multicast group of routers, which usually results in faster convergence times.


Link State Overview

Sends subnet mask in update
Supports VLSM, CIDR, and manual route summarization
Supports authentication
Maintains multiple databases
Sends updates using multicast addressing
Link-state driven updates, periodic hellos

Link-state protocols have the following common attributes:

Link-state protocols trigger an update when a link (interface) changes state. The router connected to the link initiates a triggered update to its neighbors to notify them of the topology change. If the network is stable and no changes in links are detected, the routers send periodic hello messages to maintain connectivity without having to consume excessive bandwidth.

The updates contain the subnet mask of each network being advertised. This allows for more optimal network design and accurate path selection.

VLSM and CIDR are supported in all link-state protocols.

Due to the classless aspects of link-state protocols, manual summarization is actively supported. This gives network administrators much more control over where and how the summarization takes place.

All modern link-state protocols support authentication of the updates being sent between the routers. This ensures that accurate network topologies are created without false information or errors.

Link-state protocols maintain three common databases: topology (link state DB), neighbor (adjacency DB), and routing table (forwarding DB).

Modern link-state protocols use a multicast address to convey updates and hellos to their neighbor link-state routing peers. This reduces processing on devices in the network that are not running the link-state protocol.


Link State Overview (continued)

Link = An interface
State = Active or inactive interface
IS-IS and OSPF are link-state protocols
More complex than distance vector
Faster convergence
Triggered updates
Three databases:
    Adjacency — Neighbor database
    Topology — Link-State database
    Routing — Forwarding database

Link state, also known as SPF, maintains a complex database of topology information. While distance vector has nonspecific information about distant networks and no knowledge of distant routers, link state maintains full knowledge of distant routers and how they interconnect. OSPF and IS-IS are examples of link-state routing protocols.

LSPs are used to transmit the information necessary to build a topological database, which is used by the SPF algorithm to construct an SPF tree, and finally, a routing table of paths and ports to each network. When a link-state topology changes, the routers must become aware of the change and send information to other routers or to a designated router that all other routers can use for updates. This involves the propagation of common routing information to all routers in the network. To achieve convergence, each router does the following:

Keeps track of its neighbors.

Constructs an LSP that lists neighbor router names and link metrics (cost). This includes new neighbors, changed metrics, and links to neighbors that have gone down.

Sends out the LSP so that all routers receive it.

When it receives an LSP, records the LSP in its database so that it can store the most recent LSP received.

Using accumulated LSP data to construct a complete network topology, proceeds from the common starting point for the SPF algorithm and computes routes to every network.

Each time an LSP causes a change to the link-state database, the link-state algorithm recalculates the best paths and updates the routing table.


Link State Overview (continued)

[Figure: routers RTR-A, RTR-B and RTR-C, with ports 1/1/1 and 1/1/2 and network 2.2.2.0/24, and the three databases listed below]

Adjacency database:
    RTR-B — on 1/1/2
    RTR-C — on 1/1/1

Link-state database:
    RTR-A to RTR-C, cost=1000
    RTR-A to RTR-B, cost=1000
    RTR-C to RTR-B, cost=1000
    RTR-B to 2.2.2.0/24, cost=1000
    …

Forwarding database (routing table):
    2.2.2.0/24 — via 1/1/2

Link state protocols keep three databases in the routers:

The adjacency database, sometimes called the neighbor database, keeps track of all the other routers that are directly attached and passing link state routing information. The adjacency database is maintained with periodic hello messages.

The LSDB has all learned paths to all destination networks. It is this database that is used to create the SPF tree that ultimately creates the routing table.

The routing table, sometimes called the forwarding database, is used by the router to accurately forward IP packets to the destination network.


Link State Overview (continued)

[Figure: from router A's point of view. Routers A, B and C; networks 2.2.2.0/30, 3.3.3.0/30, 4.4.4.0/30 and 10.0.0.0/8]

Step 1 – Updates received from peers

Step 2 – Topology database created
    A to 2.2.2.0/30 Cost 10
    A to 3.3.3.0/30 Cost 10
    B to 4.4.4.0/30 Cost 10
    C to 10.0.0.0/8 Cost 10
    …

Step 3 – SPF algorithm determines the best path to destination networks
    10.0.0.0/8
    Via 2.2.2.1 Cost 20 - BEST
    Via 3.3.3.1 Cost 30
    …

Step 4 – Routing table created
    10.0.0.0/8 via 2.2.2.1



Exchange of Link State Information

[Figure: networks A, B, C and D, with routers R1, R2 and R3 and the link-state packet each router sends]

R1 link-state packet: A 10, B 10
R2 link-state packet: B 10, C 10
R3 link-state packet: C 10, D 10

Network discovery for link-state routing uses the following processes:

Routers exchange LSPs with each other. Each router begins with the directly connected networks for which it has direct link-state information. It floods its link-state information to other routers in the network.


Topological Database

[Figure: networks A, B, C and D, with routers R1, R2 and R3. The same set of three link-state packets is shown at each router:]

R1 link-state packet: A 10, B 10
R2 link-state packet: B 10, C 10
R3 link-state packet: C 10, D 10

Network discovery for link-state routing uses the following processes (continued):

Each router constructs a topological database that consists of all the LS information from the other routers in the network.


Calculating the SPF Tree and Populating the Routing Table

[Figure: networks A, B, C and D, with routers R1, R2 and R3. The R1, R2 and R3 link-state packets (A 10, B 10; B 10, C 10; C 10, D 10) feed three numbered steps: 1 SPF, 2 SPF tree, 3 R1 routing table]

Network discovery for link-state routing uses the following processes (continued):

1. The SPF algorithm computes network reachability, determining the shortest path to the other networks in the link-state network.

2. The router constructs this logical topology of shortest paths as a tree, with itself as root.

3. The router lists its best paths and the ports to these destination networks in the routing table. It also maintains additional topology elements and status details.

When all these processes are complete, normal routing of packets can begin.
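The SPF steps above, worked through in Python on the three-router topology from the earlier "From router's A point-of-view" slide, including a re-run after a link is withdrawn. This is an added example, not code from the course or from any router implementation; the link-state entries that the slide elides, every interface address other than 2.2.2.1 and 3.3.3.1, and the choice to model a network as a zero-cost hop between its attached routers are assumptions.

```python
import heapq

# Constructed link-state database for the slide's topology.
# Each entry: (advertising router, attached network, interface cost, interface address).
# Only the four "X to network Cost 10" lines and the next hops 2.2.2.1 / 3.3.3.1
# come from the slide; the remaining entries and addresses are assumed.
LSDB = [
    ("A", "2.2.2.0/30", 10, "2.2.2.2"),
    ("A", "3.3.3.0/30", 10, "3.3.3.2"),
    ("B", "3.3.3.0/30", 10, "3.3.3.1"),
    ("B", "4.4.4.0/30", 10, "4.4.4.1"),
    ("C", "2.2.2.0/30", 10, "2.2.2.1"),
    ("C", "4.4.4.0/30", 10, "4.4.4.2"),
    ("C", "10.0.0.0/8", 10, "10.0.0.1"),
]


def spf(lsdb, root):
    """Dijkstra with `root` as the tree root.

    Returns {network: (cost, next_hop)}, where next_hop is the address of the
    first router after the root, or "direct" for directly connected networks.
    """
    attached = {}  # router  -> [(network, cost)]
    members = {}   # network -> [(router, address)]
    for router, net, cost, addr in lsdb:
        attached.setdefault(router, []).append((net, cost))
        members.setdefault(net, []).append((router, addr))

    best = {}
    done = set()
    heap = [(0, root, None)]  # (cost so far, router, next hop used from root)
    while heap:
        cost, router, next_hop = heapq.heappop(heap)
        if router in done:
            continue  # already reached by a path that is no worse
        done.add(router)
        for net, link_cost in attached.get(router, []):
            total = cost + link_cost
            if net not in best or total < best[net][0]:
                best[net] = (total, next_hop or "direct")
            for peer, addr in members[net]:
                if peer not in done:
                    # The first hop away from the root fixes the next-hop address.
                    heapq.heappush(heap, (total, peer, next_hop or addr))
    return best


def withdraw(lsdb, network):
    """Database after the attached routers stop advertising a failed link."""
    return [entry for entry in lsdb if entry[1] != network]


if __name__ == "__main__":
    print("before:", spf(LSDB, "A")["10.0.0.0/8"])
    print("after 2.2.2.0/30 fails:", spf(withdraw(LSDB, "2.2.2.0/30"), "A")["10.0.0.0/8"])
```

The first run reproduces the slide's best path to 10.0.0.0/8; the second shows the slide's 3.3.3.1 alternative taking over once the 2.2.2.0/30 link leaves the database.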


Topology Changes

[Figure: a topology change is sent as link-state information; each router runs SPF and updates its routing table]

Link-state updates are driven by topology changes.

When a router recognizes a topology change (link down, neighbor down, new link, or new neighbor), it must notify its neighbors. To do this, each link-state router does the following:

The router that recognizes the change sends out new link-state information that reflects the change.

When a router receives new link-state information, it must populate the information in its topological database and pass it on to its neighbors.

The SPF algorithm must be run against the new topological database to update the routing table with the new information.

Each time that there is a topology change that causes an update to the topological database, the SPF algorithm must be run.


Flooding

Link-state information is flooded to other routers in the network.

Link-state information is sent during a topology change and periodically to ensure topological database synchronization. LSAs are:

Sourced by the router that is connected to the link that changes

Flooded by all other routers

Transmitted at each link-state change

The topological database synchronization relies on the flooding of link-state information throughout the link-state domain.

This must be a reliable procedure.

Routers must also have a way to determine if the link-state information they are receiving is more recent than the information already in the database. There must also be a mechanism to determine if the link-state information should be forwarded to neighbors or dropped. Without such a mechanism in place, the link-state information could be flooded infinitely.


Acknowledgment

Each router must receive an acknowledgment that the update was received by its neighbor. If an acknowledgment is not received, the link-state information is retransmitted.

[Figure: link-state information sent between routers, with an acknowledgment]

Acknowledgments make the flooding procedure reliable. This helps to ensure that the topological database is synchronized.


Sequence Numbers

Sequence numbers must be included in the link-state information.

— Without sequence numbers, the link-state information could be flooded infinitely.

— The sequence number remains the same, router-to-router, during the flooding process.

In a link-state environment, routers use the sequence numbers for the following decisions when receiving a link-state update:

— If the sequence number is lower than the one in the database, the link-state information is discarded; and the receiving router will update the sending router with the corresponding information in its own database.

— If the sequence number is the same, an acknowledgement is sent. The link-state information is then discarded.

— If the sequence number is higher, the link-state information is populated in the topological database, an acknowledgement is sent, and the link-state information is forwarded to its neighbors.


Sequence Numbers (continued)

[Figure: networks A, B, C and D, with routers R1, R2 and R3. The R1 link-state packet is shown at each router with Seq=1, and again at each router with Seq=2]

In the figure above, all routers initially have an entry in their respective topology databases for network A with a sequence number of 1. This information was obtained from an update that R1 has previously sent. When the link to network A fails, R1 generates new link-state information for network A. It increments the sequence number and sends the link-state information to its neighbor. On receiving the link-state information, R2 checks the sequence number and sees that it is newer. R2 populates its topological database with the new information about network A and floods it to its neighbor R3. Likewise, R3 checks the sequence number, sees that it is newer and populates its topological database.


Sequence Numbers (continued)

[Figure: routers R1 through R6 and networks A through F, plus network Z]

R1 receives 2 copies of the link-state information for network Z. R1 must decide what to do with the second copy of the link-state information that it receives.

R1 receives the link-state information via R2 first. It populates its topological database with the newly received link-state information. The link-state information is then received from R6. R1 must compare the link-state information with the information it already has in its database. R1 can see that the sequence numbers are the same. Therefore, it discards the link-state information and does not forward it to R2.

This process stops link-state information from being flooded infinitely.

In the same example as shown in the slide above, if network Z comes up immediately after it goes down, the sequence number is incremented again. For some reason, the link-state information for network Z going down with a sequence number of 2 is delayed via R4 to R3 to R2 to R1. The link-state information for network Z, being available with a sequence number of 3, arrives at R1 via R4 to R5 to R6 to R1 first. When the delayed link-state information with a sequence number of 2 arrives, R1 compares it with the link-state information that it has in its topological database. R1 determines that the link-state information is older and discards it.
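The receive-side decision described above, replayed in Python for both network Z scenarios (the duplicate copy and the delayed, older copy). This is an added example and not part of the course material; the class and function names are hypothetical, and treating R4 as the router that sources the information for network Z is an assumption drawn from the paths the text describes.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class LinkStateInfo:
    origin: str    # router that sourced the information (assumed: R4)
    network: str   # network the information describes
    state: str     # "up" or "down"
    seq: int       # stays the same router-to-router while flooding


@dataclass
class Router:
    name: str
    neighbors: list
    lsdb: dict = field(default_factory=dict)  # (origin, network) -> LinkStateInfo

    def receive(self, info, sender):
        """Apply the three sequence-number rules; return the resulting actions."""
        key = (info.origin, info.network)
        held = self.lsdb.get(key)
        if held is not None and info.seq < held.seq:
            # Older than the database copy: discard it and update the sender
            # with the information held in our own database.
            return [("update_sender", sender, held.seq)]
        if held is not None and info.seq == held.seq:
            # Same sequence number: acknowledge, discard, do not flood again.
            return [("ack", sender, info.seq)]
        # Higher sequence number (or first time seen): install, acknowledge,
        # and forward to every neighbor except the one it came from.
        self.lsdb[key] = info
        actions = [("ack", sender, info.seq)]
        actions += [("flood", n, info.seq) for n in self.neighbors if n != sender]
        return actions


def make_r1():
    # Constructed starting state: R1 holds network Z as "up" with Seq=1.
    r1 = Router("R1", neighbors=["R2", "R6"])
    r1.lsdb[("R4", "Z")] = LinkStateInfo("R4", "Z", "up", 1)
    return r1


def duplicate_copy_scenario():
    """Z goes down (Seq=2): the copy via R2 arrives first, then the copy via R6."""
    r1 = make_r1()
    down = LinkStateInfo("R4", "Z", "down", 2)
    return r1.receive(down, "R2"), r1.receive(down, "R6"), r1.lsdb[("R4", "Z")]


def delayed_copy_scenario():
    """Z is back up (Seq=3) via R6 before the delayed Seq=2 arrives via R2."""
    r1 = make_r1()
    first = r1.receive(LinkStateInfo("R4", "Z", "up", 3), "R6")
    late = r1.receive(LinkStateInfo("R4", "Z", "down", 2), "R2")
    return first, late, r1.lsdb[("R4", "Z")]


if __name__ == "__main__":
    for scenario in (duplicate_copy_scenario, delayed_copy_scenario):
        print(scenario.__name__, scenario())
```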


Link-State Information Aging

Link-state information includes an age field.
The age of newly created link-state information is set to 0 for OSPF and 1200 for IS-IS. It is incremented by each hop during the flooding procedure for OSPF and is decremented for IS-IS.
The link-state age is also incremented for OSPF and decremented for IS-IS as it is held in the topological database.

Maximum age
When the link-state information reaches its maximum age, it is no longer used for routing. The link-state information is flooded to the neighbors with the maximum age, and the link-state information is removed from the topological database.
For OSPF the default maximum age is 3600.


Hierarchy in Link-State Networks

Scalability issues exist with link-state networks:

The size of the link-state database increases exponentially with the size of the network. Each router must add and keep track of any new destinations that are reachable in the network. A large database increases the consumption of router resources.

The complexity of the SPF calculation also increases exponentially.

A topology change requires the complete recalculation of the forwarding table on every router. The increased overhead in calculating new routing information can overwhelm a router if it has insufficient resources.

A hierarchy allows a large routing domain to be split into several smaller domains. Routing happens within the smaller routing domains and between the domains, simplifying the SPF calculation.

IS-IS and OSPF both implement hierarchy but use different techniques. They both define areas and route within areas and between areas.

A hierarchy results in suboptimal routing. The best path to leave the area may not be the best route to the final destination.

A hierarchy is less common today due to the increased capacity of routers. Many large networks are now configured as a single area, simplifying the configuration and optimizing routing. Modern routers have the ability to handle hundreds of nodes.


OSPF Overview

Link-state protocol
Faster convergence than a distance vector protocol
Scalable
Hierarchical using “areas”
Uses the SPF algorithm for routing decisions
Cost metric takes into account the physical bandwidth of the port
Classless protocol
Traffic engineering extensions
Authentication support
Support for VLSM and address aggregation

OSPF is a hierarchical routing protocol. It supports the concept of areas within the OSPF routing domain. These areas break the network into smaller pieces to accommodate growth and to reduce the amount of protocol traffic throughout the network.

The classless behavior eliminates any classful problems, such as noncontiguous subnets. OSPF also supports classless routing table lookups, VLSM, and aggregation for address management.

The OSPF cost metric is based on the physical bandwidth of the port. This allows OSPF to make its path decisions based on the path that has the most bandwidth.

OSPF also allows for the use of route tagging to identify external routes (i.e., routes learned from another protocol).

The traffic engineering extensions to OSPF allow the protocol to track and advertise the available bandwidth. This feature is used by MPLS in the creation of traffic tunnels.

Page 345: Alcatel-Lucent Scalable IP Networks Student Guide

OSPF Terminology

[Figure: OSPF terminology. Labels shown: Area 0, Link, Cost = 10, Router ID 172.16.0.1, LSA, Adjacency and Neighbors]

The following terminology is used in OSPF routing:

Area — A group of routers that share the same area ID

Router ID — A unique router ID required by each OSPF router. A router ID can be derived by:

1. Defining the value in the config>router router-id context;

2. Defining the system interface in the config>router>interface ip-int-name context, if router-id is not explicitly configured;

3. Inheriting the last four bytes of the MAC address, if neither router-id nor system interface IP address is configured.

Link State — The status of the link between two OSPF routers, a router’s interface, and its relationship to its neighboring routers

Cost — The routing metric used by OSPF in its SPF calculations

Neighbor — An adjacent system reachable by traversing a single subnet

Designated Router — The router that is responsible for ensuring adjacencies between all neighbors in a multiple-access network. This ensures that all routers do not need to maintain full adjacencies with each other. The DR is elected in all multiple-access networks (Ethernet).

Backup DR — Designated to perform the same functions as the DR in the event of a failure

Link State Advertisement (LSA) — Packet that contains all the relevant information regarding a router’s links and the state of those links

Page 346: Alcatel-Lucent Scalable IP Networks Student Guide

OSPF Hierarchy

[Figure: Area 0.0.0.0 (backbone area), Area 0.0.0.1, Area 0.0.0.2]

OSPF is a hierarchical routing protocol. It supports the concept of areas within the OSPF routing domain. These areas break the network into smaller pieces to accommodate growth and to reduce the amount of LSA traffic throughout the network.

An area is a grouping of OSPF routers that have the same area ID (i.e., number). For OSPF-enabled routers to form adjacencies, they must have the same area ID. OSPF areas are logical subdivisions of OSPF autonomous systems. The topology of each area is invisible to entities in other areas.

Each router in an area retains a link-state database that describes the particular area. If a router belongs to more than one area, it retains a separate link-state database for each area.

Area 0 (0.0.0.0) is a required area and is referred to as the backbone area. All other areas must be connected to the backbone area, either physically or logically. The backbone area distributes routing information between areas; hence, all inter-area communications must go through the backbone.

An Autonomous System is a group of networks and network equipment under a common administration.

Page 347: Alcatel-Lucent Scalable IP Networks Student Guide

LAB 4.1 - Configuring OSPF in a Single Area

[Figure: lab topology with Pod1, Pod2, Pod3 and Pod4; routers Core-Pod1 to Core-Pod4 and Edge-Pod1 to Edge-Pod4; OSPF]


Page 348: Alcatel-Lucent Scalable IP Networks Student Guide

OSPF Overview

Section 2 — OSPF Areas

Page 349: Alcatel-Lucent Scalable IP Networks Student Guide

Types of OSPF Areas

Backbone area
Normal area
Stub area

Intra-area routes refer to updates that are passed within the area. Inter-area routes refer to updates that are passed between areas.

External routes refer to updates passed from another routing protocol into the OSPF domain by the ASBR.

Page 350: Alcatel-Lucent Scalable IP Networks Student Guide

OSPF Backbone Areas

[Figure: Area 0 (backbone area 0), Area 1 and Area 2, with two ABRs]

The OSPF backbone area, area 0.0.0.0, must be contiguous, and all other areas must be connected to the backbone area.

All inter-area traffic must pass through the backbone area.

Page 351: Alcatel-Lucent Scalable IP Networks Student Guide

OSPF Normal Areas

[Figure: Area 0 (backbone area 0), Area 1 and Area 2, with two ABRs; areas labelled “Normal area”. RIB shown: inter-area routes, intra-area routes, external routes]

The OSPF normal or standard area is the default area type. The normal area imports and exports external routes. It has in its routing information database all intra-area routes, all inter-area routes, and all external routes.

Page 352: Alcatel-Lucent Scalable IP Networks Student Guide

OSPF Stub Area

[Figure: Area 0 (backbone area 0), Area 1 and Area 2, with two ABRs; areas labelled “Stub area” and “Normal area”. RIB shown: inter-area routes, intra-area routes, default route]

A stub area is an area that does not allow external route advertisements. The ABR of the stub area advertises a single default route (0.0.0.0) into the stub area. Any destination that the internal routers cannot match to an intra- or inter-area route will match the default route.

This reduces the size of the internal router’s database and reduces CPU processing time.

Page 353: Alcatel-Lucent Scalable IP Networks Student Guide

OSPF Router Types

[Figure: Area 0, Area 1 and Area 2 with two ABRs, backbone routers, internal routers, and an ASBR connected to a non-OSPF routed domain]

OSPF supports four types of routers:

Internal router — A router that is within a specific non-zero area only. It has no direct connection to another area.

Area border router — A router that is located on the border between one or more OSPF areas. It is responsible for the connection of two or more areas (one of them being the backbone area) and for the maintenance of separate link-state databases for each area.

Autonomous system boundary router — A router that connects an OSPF routing domain to a non-OSPF routing domain

Backbone router — A router that resides in area 0 only

Page 354: Alcatel-Lucent Scalable IP Networks Student Guide

OSPF Databases

[Figure: Area 0, Area 1 and Area 2 with two ABRs. Databases shown: adjacency database (list of neighbors), link-state database, forwarding table]

OSPF supports a number of databases that it uses in its route calculations:

Adjacency database — When two OSPF routers exchange information, they form an adjacency. The adjacency database is a list of all neighbors to which a router has established bidirectional (full) communication.

Link-state database — Also called the topology table or routing information database, a link-state database contains the next-hop information for all destinations in the OSPF domain.

Forwarding database — This database contains all the “best” routes to the destinations in the network. The forwarding database is created when the SPF algorithm is run on the link-state database.

Page 355: Alcatel-Lucent Scalable IP Networks Student Guide

Designated Router

[Figure: routers on a multiple-access network with priorities 64, 32, 32, 16, 10 and 0; Router ID 172.16.0.1 and Router ID 172.16.0.2 are shown; the DR and BDR are marked]

The concept of designated routers and backup designated routers came about because of some problems that multiple-access networks, such as Ethernet, posed to OSPF related to the flooding of LSAs. For example, the formation of adjacencies between all attached routers would create unnecessary LSAs. In the figure above, without the use of DR and BDR, the number of adjacencies would be n (n − 1)/2, or in this case, 5(4)/2 = 10 adjacencies to support 5 routers. Flooding of the LSAs would be out of control. A router would flood an LSA to all its adjacent neighbors, which in turn, would flood to all their neighbors, and so on. This would create many copies of the same LSA on the same link.

The DR represents the network as a pseudo node. Each router forms an adjacency with the DR and the BDR. Only the DR sends LSAs to the rest of the network. This reduces the LSA load on the network.

The BDR is responsible for mirroring the DR and takes over the role of DR if there is a failure.

The election process for the DR and BDR is based on priority: the highest priority wins. In the event of a tie, the router with the highest router ID wins. Any router that has reached a minimum of the 2-way state in the OSPF process is eligible to take part in the election process.

A router with Priority set to 0 can never become the Designated Router.

Page 356: Alcatel-Lucent Scalable IP Networks Student Guide

DR and BDR

A:SR1# show router ospf interface
=============================================================================
OSPF Interfaces
=============================================================================
If Name      Area Id      Designated Rtr   Bkup Desig Rtr   Adm   Oper
-----------------------------------------------------------------------------
system       0.0.0.0      172.0.0.152      0.0.0.0          Up    DR
fast         0.0.0.0      192.168.2.1      192.168.2.2      Up    BDR
faster       0.0.0.0      0.0.0.0          0.0.0.0          Up    Down
-----------------------------------------------------------------------------
No. of OSPF Interfaces: 3

The slide above again shows the interfaces that are running OSPF. In this case, note the DR and BDR designation of interface “fast”. This interface is an Ethernet interface, and even though it is being used in a point-to-point application, OSPF still sees it as a broadcast medium and conducts the DR and BDR election process.

The “fast” interface is actually the BDR even though the priorities of the interfaces are the same and the IP address of “fast” is actually higher than the IP address of its neighbor. This is because the other interface was the first one to become operational. When OSPF saw that the interface was a broadcast interface, it conducted an election. Because the far end was operational first, it was the only one taking part in the election process and therefore became the DR. When the “fast” interface became operational and exchanged hellos with the adjacent router, the adjacent router informed the “fast” interface that it was the DR, and therefore the “fast” interface became the BDR.
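The election rules and the late-joiner behaviour described above can be reproduced with a short simulation. This is an added example, not code from the student guide or from the 7750 SR; it follows the DR/BDR calculation of RFC 2328 section 9.4 in simplified form, and the router IDs and the `Router`, `elect` and `converge` names are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address


@dataclass
class Router:
    rid: str                  # router ID (constructed sample values below)
    priority: int             # 0 means "never DR or BDR"
    claims_dr: bool = False   # declares itself DR in its Hellos
    claims_bdr: bool = False  # declares itself BDR in its Hellos


def _best(candidates):
    """Highest priority wins; a tie is broken by the highest router ID."""
    return max(candidates,
               key=lambda r: (r.priority, int(IPv4Address(r.rid))),
               default=None)


def elect(routers):
    """One pass of the calculation over routers that reached 2-way."""
    eligible = [r for r in routers if r.priority > 0]
    # BDR: routers already claiming DR are excluded; an existing BDR claim
    # is honoured before any other candidate is considered.
    not_dr = [r for r in eligible if not r.claims_dr]
    bdr = _best([r for r in not_dr if r.claims_bdr]) or _best(not_dr)
    # DR: an existing DR claim is honoured; otherwise the BDR is promoted.
    dr = _best([r for r in eligible if r.claims_dr]) or bdr
    return dr, bdr


def converge(routers):
    """Repeat the calculation until roles are stable; return (DR, BDR) IDs."""
    while True:
        dr, bdr = elect(routers)
        if dr is not None and dr is bdr:
            # The BDR was promoted to DR: record it and elect a new BDR.
            dr.claims_dr, dr.claims_bdr = True, False
            continue
        for r in routers:
            r.claims_dr = r is dr
            r.claims_bdr = r is bdr
        return (dr.rid if dr else None, bdr.rid if bdr else None)


if __name__ == "__main__":
    # All routers start together: priority decides, router ID breaks the tie.
    segment = [Router("10.0.0.1", 64), Router("10.0.0.2", 32),
               Router("10.0.0.3", 32), Router("10.0.0.4", 16),
               Router("10.0.0.5", 10), Router("10.0.0.6", 0)]
    print(converge(segment))

    # One router is up first and becomes DR alone; a later router with a
    # higher router ID and the same priority only becomes BDR.
    first = Router("10.0.0.1", 1)
    print(converge([first]))
    print(converge([first, Router("10.0.0.9", 1)]))
```

Because an established DR is not preempted, which router holds the role on a shared segment depends on start-up order as well as priority; priority 0 is the setting that deterministically keeps a router out of the role.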


Page 357: Alcatel-Lucent Scalable IP Networks Student Guide

OSPF Overview

Section 3 — OSPF Packets

Page 358: Alcatel-Lucent Scalable IP Networks Student Guide

OSPF Packet Types

OSPF packet type   Description
1                  Hello — Used to find neighbors in a router’s attached networks and to determine if a neighboring router’s interface is still functional by periodically sending out hello packets
2                  Database description — Exchanged between routers that are in the process of forming an adjacency
3                  Link-state request — A router request for newer database description information
4                  Link-state update — Used to implement the flooding of LSAs; may contain one or more LSAs
5                  Link-state acknowledgment — Acknowledgment of a link-state update

Page 359: Alcatel-Lucent Scalable IP Networks Student Guide

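OSPF Hello Packet

[Figure: Hello packet exchanged between two routers to form an adjacency. Fields shown: Router ID, Area ID, Password, Dead Interval, Hello Interval, DR and BDR, Priority; four fields are marked with an asterisk (*)]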

The hello protocol is used to allow routers to recognize each other in the network. Hello packets are sent out periodically on each OSPF interface, using the multicast IP address 224.0.0.5.

* - To establish an adjacency between the two routers shown above, certain criteria in the hello packet must be common:

Area — To form an adjacency, both routers must be in the same area.

Password — If using security, both routers must have the same password.

Hello interval — This specifies how often each router will send a hello packet to act as a keepalive. Both routers must have the same hello interval.

Dead interval — This specifies how long a router will wait for a hello packet. If it does not receive a packet within the specified interval, the router will declare the link down. Both routers must have the same dead interval.

Priority — This specifies the router priority of an OSPF interface. A router may have different priorities on its OSPF interfaces. Highest priority is preferred when two or more routers connected to the same network segment all attempt to become DR/BDR. A router whose Priority is set to 0 is ineligible to become DR or BDR on the attached network.

DR — The router ID of the Designated Router selected on the attached broadcast network.

BDR — The router ID of the Backup Designated Router selected on the attached broadcast network.

When the routers have exchanged and agreed on the information above, they will establish an adjacency. This ensures bidirectional communication.

OSPF routes are only exchanged on adjacencies.

Page 360: Alcatel-Lucent Scalable IP Networks Student Guide

Forming an Adjacency

[Figure: message sequence between Router A (1.1.1.1) and Router B (2.2.2.2). States shown: Down, Init, 2-way, Exstart, Exchange. Messages shown: Hello (RID=1.1.1.1, DR=0.0.0.0, Neighbors known = 0); Hello (RID=2.2.2.2, DR=0.0.0.0, Neighbors known = 1.1.1.1); Hello (RID=1.1.1.1, DR=0.0.0.0, Neighbors known = 2.2.2.2); DBD (RID=1.1.1.1); DBD (RID=2.2.2.2); DBD (Summary of all networks known), sent by each router. Note on the Exchange state: router with larger RID starts]

In the diagram above, the two routers have not yet formed an adjacency. The following steps explain how the adjacency is created.

1. To start, both routers are in the “down” state. In this state, neither router has sent any OSPF-related packets.

2. The router on the left sends a hello packet with the standard header. In the hello information, the router inserts its RID and leaves the neighbor field blank, since it does not know of any other router on the Ethernet segment.

3. The router on the right responds with a hello of its own. This router’s hello carries not only its own RID but also the RID of the left router. Once both routers see that the other acknowledges their existence, the state changes from “down” to “two-way”.

4. The neighboring routers establish a master/slave relationship. During this phase, the initial DBD sequence number is determined for the exchange phase. The router with the highest router ID becomes the master, and its initial sequence number is used.

5. The routers send DBD packets describing their link-state databases. The sequence number negotiated during the master/slave establishment step is used.

6. The sequence number is incremented and the DBD packet is sent describing the link-state database.

Page 361: Alcatel-Lucent Scalable IP Networks Student Guide

Forming an Adjacency (cont’d)

[Figure: continued message sequence between Router A (1.1.1.1) and Router B (2.2.2.2). States shown: Loading, Full. Messages shown, each sent by both routers: LSR (Send me info on the following networks…); LSU (Here’s the info you requested); ACK (Thanks for the info)]

The adjacency continues to be created with the following steps:

1. The routers ask for explicit information with the use of the Link State Request. When the LSR is sent, the “exchange” state changes to the “loading” state.

2. Each router will respond to the LSR with one or more Link State Update packets. These packets will contain the explicit details of the networks requested.

3. Each router will respond to the LSU with an Acknowledgement packet. This ensures that each knows the other has received the information without error.

4. After all LSUs are received and acknowledgements sent, each router will have an identical link-state database. When this happens, the state changes from the “loading” state to the “full” state. This means that each router is fully converged with the other’s database.

5. To maintain the adjacency, the routers will now send periodic hellos to each other. The default timer for this is 10 seconds. If something changes, then only that change in the database will be conveyed to the neighbor.
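The database synchronization steps above (DBD summaries, LSR, LSU, acknowledgment) can be traced with a small model of two routers. This is an added example, not from the guide; the `Router` class, the LSA identifiers and the sequence numbers are constructed, and retransmission, LS age and the DBD sequence numbering of the master/slave exchange are left out.

```python
from ipaddress import IPv4Address


def signed32(seq):
    """LS sequence numbers are signed 32-bit: 0x80000001 is the oldest."""
    return seq - (1 << 32) if seq & 0x80000000 else seq


class Router:
    def __init__(self, rid, lsdb):
        self.rid = rid
        self.lsdb = dict(lsdb)     # LSA id -> (sequence number, body)
        self.states = ["Down"]     # neighbor-state history for the one peer

    def enter(self, state):
        if self.states[-1] != state:
            self.states.append(state)

    def dbd(self):
        """Database description: LSA headers only (id and sequence number)."""
        return {lsa_id: seq for lsa_id, (seq, _body) in self.lsdb.items()}

    def build_lsr(self, peer_dbd):
        """Request every LSA the peer holds that is missing or newer here."""
        return sorted(
            lsa_id for lsa_id, seq in peer_dbd.items()
            if lsa_id not in self.lsdb
            or signed32(seq) > signed32(self.lsdb[lsa_id][0]))

    def build_lsu(self, lsr):
        """Answer a request with the full LSAs that were asked for."""
        return {lsa_id: self.lsdb[lsa_id] for lsa_id in lsr}

    def install(self, lsu):
        """Store received LSAs; the return value is what gets acknowledged."""
        self.lsdb.update(lsu)
        return sorted(lsu)


def form_adjacency(a, b):
    # Hello exchange: hearing a neighbor gives Init; seeing your own RID
    # listed in the neighbor's Hello gives 2-Way.
    b.enter("Init")                       # B hears A (no neighbors listed)
    a.enter("Init"); a.enter("2-Way")     # B's Hello lists A
    b.enter("2-Way")                      # A's next Hello lists B
    for r in (a, b):
        r.enter("ExStart")
    master = max((a, b), key=lambda r: int(IPv4Address(r.rid)))
    for r in (a, b):
        r.enter("Exchange")
    lsr_a, lsr_b = a.build_lsr(b.dbd()), b.build_lsr(a.dbd())
    for r, lsr in ((a, lsr_a), (b, lsr_b)):
        if lsr:                           # nothing to request: skip Loading
            r.enter("Loading")
    ack_a = a.install(b.build_lsu(lsr_a))
    ack_b = b.install(a.build_lsu(lsr_b))
    for r in (a, b):
        r.enter("Full")
    return {"master": master.rid,
            "lsr": {a.rid: lsr_a, b.rid: lsr_b},
            "ack": {a.rid: ack_a, b.rid: ack_b}}


def sample_routers():
    """Constructed databases: each router has one LSA the other lacks, and
    B holds a newer copy of LSA 3.3.3.3 than A does."""
    a = Router("1.1.1.1", {"1.1.1.1": (0x80000003, "A links"),
                           "3.3.3.3": (0x80000001, "old copy")})
    b = Router("2.2.2.2", {"2.2.2.2": (0x80000002, "B links"),
                           "3.3.3.3": (0x80000004, "new copy")})
    return a, b


if __name__ == "__main__":
    a, b = sample_routers()
    print(form_adjacency(a, b))
    print(a.states, a.lsdb == b.lsdb)
```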

Page 362: Alcatel-Lucent Scalable IP Networks Student Guide

LSA Types

After the initial flood to create the link-state database, LSAs are sent when there is a topology change or every 30 minutes to maintain the database.

Routers can generate the following types of LSAs:
Type 1 — Router LSA
Type 2 — Network LSA
Type 3 — Summary LSA (Network)
Type 4 — Summary LSA (ASBR)
Type 5 — AS external LSA

Page 363: Alcatel-Lucent Scalable IP Networks Student Guide

Type 1 — Router LSA

[Figure: Area 0 (backbone area 0) and Area 1 with an ABR; a DR is marked; Type 1 router LSA]

LSA type 1 is known as a router LSA and is generated by every internal router in the network with an active interface. These LSAs are only flooded in the area in which they were originated. A router LSA lists all the router’s links along with the state and cost of the links.

Page 364: Alcatel-Lucent Scalable IP Networks Student Guide

Type 2 — Network LSA

[Figure: Area 0 (backbone area 0) and Area 1 with an ABR; a DR is marked; Type 2 network LSA]

LSA type 2 is known as a network LSA. Network LSAs are only produced by the DR in a multiple-access network. The DR represents the network as a type of pseudo node. A network LSA lists all attached routers, including the DR. A network LSA is only flooded in the area of the router that originated it.

Page 365: Alcatel-Lucent Scalable IP Networks Student Guide

Type 3 — Network Summary LSA

[Figure: Area 0 (backbone area 0) and Area 1 with an ABR; Type 3 network summary LSA]

LSA type 3 is known as a network summary LSA and is advertised by an ABR. These LSAs are sent into an area to advertise routes (destinations) that are outside that area. This lets the internal routers know which destinations can be reached by the ABR.

The ABR advertises a network summary LSA in both directions. This means that the ABR advertises network summary LSAs into the non-zero area as well as the backbone or zero area.

Page 366: Alcatel-Lucent Scalable IP Networks Student Guide

Type 4 — ASBR LSA and Type 5 — AS External LSA

[Figure: Area 0, Area 1 and Area 2; an ASBR connected to a non-OSPF routed domain; Type 5 external LSA and Type 4 ASBR LSA]

LSA type 5 is known as an AS External LSA. These LSAs are originated by an ASBR and advertise destinations external to the AS or a default route that is external to the AS. AS external LSAs are flooded throughout the entire network, with the exception of stub areas.

LSA type 4 is known as an ASBR LSA. An ASBR LSA is only generated by an ABR. ASBR LSAs are identical to type 3 LSAs except that the destination they advertise is not a network but the ASBR itself. An ABR generates a Type 4 LSA after it has received Type 5 LSAs from an ASBR.

Page 367: Alcatel-Lucent Scalable IP Networks Student Guide

OSPF LSAs in Action

[Figure: Area 0 and Area 1, with a broadcast network and a DR; LSA 1: Router, LSA 2: Network, LSA 3: Summary]

All links in the hierarchical network above are point-to-point except for the links in Area 1. DR and BDR elections are therefore a concern in area 1.

When the ABR is inserted adjoining both areas, router LSAs are sent out in the respective areas.

Note: The ABR belongs to both areas and therefore has a separate set of router LSAs for each area that it belongs to. Therefore, the topology database of the ABR has a set of router LSAs for area 0 and a set of router LSAs for area 1.

The ABR is connected to a broadcast network in area 1. The interface of the ABR is elected as the DR, and it sends a network LSA to all routers in the broadcast domain.

In addition, the ABR summarizes all networks in Area 1 and sends a network summary LSA on behalf of all the networks to all routers in Area 0.

Page 368: Alcatel-Lucent Scalable IP Networks Student Guide

OSPF LSAs in Action (continued)

[Figure: Area 0 and Area 2; an ASBR connected to a non-OSPF routed domain; LSA 4: ASBR, LSA 5: AS external]

An ABR now connects Area 0 to Area 2. In addition, Area 2 contains an ASBR, which is connected to a non-OSPF routed domain.

When the ABR comes up, it sends/receives router LSAs from both the respective areas.

The ASBR advertises a type 5 LSA, which is flooded throughout the area.

The ABR then sends an ASBR LSA into Area 0, indicating the router ID of the ASBR.

Page 369: Alcatel-Lucent Scalable IP Networks Student Guide

OSPF Route Selection

[Figure: Area 0, Area 1 and Area 2 with routers numbered 1 to 8, a DR and a BDR, and endpoints A and B. Link costs shown: 10, 10, 1, 1, 100, 1, 10, 1]

Router 3 link-state database: paths from Router 3 to reach B
Path 1 (via R5) cost 12
Path 2 (via R4) cost 22
Path 3 (via R6) cost 101

SPF algorithm

Forwarding table: Router 3 to B
Path 1 cost 12

Each router gathers all the received LSAs and enters them into the link-state database. The SPF algorithm is applied to this database and is used to calculate the shortest path tree. The SPF algorithm is run first to create the branches of the tree (routers) and second to create the leaves (stub networks) on the branches.

OSPF calculates the shortest path using a cost metric. This cost is assigned to each interface and depends on the bandwidth of the interface. The cost of a route is the sum of all costs of each interface that a packet must traverse to reach its destination.

When all of the costs have been calculated, the route to the destination with the lowest cost is entered in the forwarding table and all traffic going to that destination uses this route.
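The route selection described above is Dijkstra's algorithm run over the link-state database. The following added example (not from the guide) uses a constructed topology chosen so that Router 3 sees the same three path costs to B as the slide (12, 22 and 101); the link list and function names are assumptions, and B is modelled as a node rather than a stub network.

```python
import heapq

# Constructed topology (not the slide's exact wiring): one cost per link,
# chosen so that Router 3 reaches B at cost 12, 22 and 101.
LINKS = [
    ("R3", "R5", 1), ("R5", "R7", 10), ("R7", "B", 1),
    ("R3", "R4", 10), ("R4", "R8", 10), ("R8", "R7", 1),
    ("R3", "R6", 100), ("R6", "B", 1),
]


def build_lsdb(links):
    """Link-state database: router -> {neighbor: cost of outgoing link}."""
    lsdb = {}
    for a, b, cost in links:
        lsdb.setdefault(a, {})[b] = cost
        lsdb.setdefault(b, {})[a] = cost
    return lsdb


def spf(lsdb, root):
    """Return {destination: (total cost, first hop)} as seen from root."""
    dist = {root: 0}
    first_hop = {}
    done = set()
    heap = [(0, root, None)]
    while heap:
        cost, node, hop = heapq.heappop(heap)
        if node in done:
            continue
        done.add(node)
        if hop is not None:
            first_hop[node] = hop
        for nbr, link_cost in lsdb.get(node, {}).items():
            # Back-link check (RFC 2328 section 16.1): a link is used only
            # if the neighbor's own LSA also advertises a link back.
            if node not in lsdb.get(nbr, {}):
                continue
            new_cost = cost + link_cost
            if nbr not in done and new_cost < dist.get(nbr, float("inf")):
                dist[nbr] = new_cost
                heapq.heappush(
                    heap, (new_cost, nbr, nbr if node == root else hop))
    return {dest: (dist[dest], first_hop[dest]) for dest in first_hop}


def cost_via_each_neighbor(lsdb, root, dest):
    """Best cost to dest when the first hop is forced to each neighbor."""
    pruned = {r: {n: c for n, c in links.items() if n != root}
              for r, links in lsdb.items() if r != root}
    costs = {}
    for nbr, link_cost in lsdb[root].items():
        if nbr == dest:
            costs[nbr] = link_cost
            continue
        tree = spf(pruned, nbr)
        if dest in tree:
            costs[nbr] = link_cost + tree[dest][0]
    return costs


if __name__ == "__main__":
    lsdb = build_lsdb(LINKS)
    print(cost_via_each_neighbor(lsdb, "R3", "B"))  # candidate paths
    print(spf(lsdb, "R3")["B"])                     # forwarding-table entry
```

In this constructed topology the direct R3 to R6 link costs 100, yet the forwarding table reaches R6 at cost 13 through R5, which shows that SPF picks the lowest total cost rather than the fewest hops.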

Page 370: Alcatel-Lucent Scalable IP Networks Student Guide

Authentication

All OSPF protocol exchanges can be authenticated. This means that only trusted routers can participate in autonomous system routing. Alcatel’s implementation of OSPF in the 7750 SR supports plain text (also called simple password) and MD5 authentication.

MD5 allows an authentication key to be configured per interface. Links between adjacent routers must be configured with the same key.

By default, authentication is not enabled on an interface.

MD5 is a method of verifying data integrity and is more reliable than a common checksum.

MD5 is an algorithm that takes a message of variable length and creates a 128-bit “message digest”. The message digest is then transmitted to the neighbor and can only be decrypted by a receiving station that has the correct password.
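How the MD5 option works on the wire, following RFC 2328 Appendix D: the sender appends MD5(packet + key padded to 16 bytes) to the packet, and the receiver recomputes that digest with its own copy of the key and compares, also rejecting a sequence number lower than the last one it accepted. This is an added example, not Alcatel-Lucent code; the key, key ID, addresses and function names are constructed.

```python
import hashlib
import hmac
import struct
from ipaddress import IPv4Address

HEADER = "!BBH4s4sHHHBBI"  # 24-byte OSPFv2 header, AuType 2 auth field layout
HELLO = "!4sHBBI4s4s"      # Hello body with an empty neighbor list (20 bytes)
AUTYPE_CRYPTO = 2
DIGEST_LEN = 16


def pad_key(key):
    """Keys are 16 bytes on the wire; shorter keys are zero-padded."""
    if len(key) > 16:
        raise ValueError("OSPF MD5 key is at most 16 bytes")
    return key.ljust(16, b"\0")


def build_hello(router_id, area_id, key_id, seq, hello=10, dead=40, priority=1):
    """Hello with checksum 0 and the cryptographic authentication fields set."""
    def ip(addr):
        return IPv4Address(addr).packed
    body = struct.pack(HELLO, ip("255.255.255.252"), hello, 0x02, priority,
                       dead, ip("0.0.0.0"), ip("0.0.0.0"))
    length = struct.calcsize(HEADER) + len(body)   # digest is not counted
    header = struct.pack(HEADER, 2, 1, length, ip(router_id), ip(area_id),
                         0, AUTYPE_CRYPTO, 0, key_id, DIGEST_LEN, seq)
    return header + body


def sign(packet, key):
    """Append the keyed digest; the packet itself stays in clear text."""
    return packet + hashlib.md5(packet + pad_key(key)).digest()


def verify(frame, keys, last_seq):
    """Receiver side: return (accepted, reason). keys maps key ID -> key."""
    if len(frame) < struct.calcsize(HEADER):
        return False, "truncated"
    (_ver, _type, length, _rid, _area, _cksum, autype, _zero,
     key_id, auth_len, seq) = struct.unpack(HEADER, frame[:24])
    if autype != AUTYPE_CRYPTO:
        return False, "not cryptographic authentication"
    if key_id not in keys:
        return False, "unknown key id"
    if auth_len != DIGEST_LEN or len(frame) != length + auth_len:
        return False, "bad length"
    packet, digest = frame[:length], frame[length:]
    expected = hashlib.md5(packet + pad_key(keys[key_id])).digest()
    if not hmac.compare_digest(digest, expected):
        return False, "digest mismatch"
    if seq < last_seq:
        return False, "replayed sequence number"
    return True, "ok"


if __name__ == "__main__":
    keys = {1: b"constructed-key"}          # constructed sample key
    frame = sign(build_hello("1.1.1.1", "0.0.0.0", key_id=1, seq=100), keys[1])
    print(verify(frame, keys, last_seq=99))
    tampered = bytearray(frame)
    tampered[31] = 255                      # raise the advertised priority
    print(verify(bytes(tampered), keys, last_seq=99))
    print(verify(frame, keys, last_seq=101))
```

Only the trailing digest depends on the key, so this mechanism protects the integrity and origin of OSPF packets but not their confidentiality: every field of the Hello remains readable on the wire.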

Page 371: Alcatel-Lucent Scalable IP Networks Student Guide

Show OSPF Neighbors

A:SR1# show router ospf neighbor
===============================================================================
OSPF Neighbors
===============================================================================
Nbr IP Addr      Nbr Rtr Id       Nbr State   Priority   RetxQ Len   Dead Time
-------------------------------------------------------------------------------
192.168.2.1      172.0.0.154      Full        1          0           30
-------------------------------------------------------------------------------
No. of Neighbors: 1

The slide above shows the adjacencies formed by OSPF with its directly connected neighbors, including the interface that the adjacency was formed on and the router ID of the immediate neighbor.

Note the neighbor state: when the routers have formed their adjacency and the databases are synchronized, the state is Full, as shown above. Other states that may be displayed are Init, Exstart, and Exchange; however, these states are only briefly displayed. The final state is Full.

Page 372: Alcatel-Lucent Scalable IP Networks Student Guide

Show OSPF Interfaces

A:SR1# show router ospf interface
===============================================================================
OSPF Interfaces
===============================================================================
If Name      Area Id      Designated Rtr   Bkup Desig Rtr   Adm   Oper
------------------------------------------------------------------------------
system       0.0.0.0      172.0.0.152      0.0.0.0          Up    DR
fast         0.0.0.0      192.168.2.1      192.168.2.2      Up    BDR
faster       0.0.0.0      0.0.0.0          0.0.0.0          Up    Down
-------------------------------------------------------------------------------
No. of OSPF Interfaces: 3

The slide above shows the interfaces that are running OSPF, including their names and the areas that they belong to. Note that the Adm status is Up and the Oper status is, in this case, DR, BDR, or Down.

Page 373: Alcatel-Lucent Scalable IP Networks Student Guide

Show OSPF Link State Database

A:SR1# show router ospf database detail
===============================================================================
OSPF Link State Database (Type : All) (Detailed)
===============================================================================
-------------------------------------------------------------------------------
Router LSA for Area 0.0.0.0
-------------------------------------------------------------------------------
Area Id          : 0.0.0.0              Adv Router Id    : 172.0.0.152
Link State Id    : 172.0.0.152          LSA Type         : Router
Sequence No      : 0x80000274           Checksum         : 0x78bf
Age              : 543                  Length           : 48
Options          : E
Flags            : None                 Link Count       : 2
Link Type (1)    : Stub Network
Network (1)      : 172.0.0.152          Mask (1)         : 255.255.255.255
No of TOS (1)    : 0                    Metric-0 (1)     : 1
Link Type (2)    : Transit Network
DR Rtr Id (2)    : 192.168.2.1          I/F Address (2)  : 192.168.2.2
No of TOS (2)    : 0                    Metric-0 (2)     : 1000
-------------------------------------------------------------------------------
Router LSA for Area 0.0.0.0
-------------------------------------------------------------------------------

The slide above shows the detailed information for one LSA in the link-state database.

The information includes the area that the link belongs to, the ID of the router that is sending the LSA, the link-state ID of the LSA, and the type of LSA. Note that in this case, the router ID and link-state ID are the same, because this is the LSA that depicts the system interface. In addition, this is a type 1 (router) LSA.

The information also includes the type of network that the link belongs to, the network address, the network mask, and the metric for this link. Because this is the system interface, the network address is the interface address and the mask is 255.255.255.255 or /32. The metric for the system interface is 1 as it is a loopback or virtual interface.

This slide also shows the network interface that the LSA is advertised out of and the metric that is associated with the interface. In this case, the interface is a 100 Mb/s Ethernet interface with a metric of 1000.

Page 374: Alcatel-Lucent Scalable IP Networks Student Guide

A:SR1# show router route-table
===============================================================================
Route Table (Router: Base)
===============================================================================
Dest Address       Next Hop        Type    Proto   Age          Metric  Pref
-------------------------------------------------------------------------------
172.0.0.152/32     system          Local   Local   12d19h24m    0       0
172.0.0.154/32     192.168.2.1     Remote  OSPF    11d17h16m    1001    10
192.168.2.0/30     fast            Local   Local   11d17h17m    0       0
-------------------------------------------------------------------------------
No. of Routes: 3
===============================================================================

Show Route Table

The slide above shows the forwarding information that is used by the router to forward traffic to its destination. Note that the local routes have a metric of 0 and a preference of 0. Therefore, if OSPF had learned of paths to these destinations, they would not be entered in the forwarding table because the OSPF preference value is 10.

The information also includes the address or name of the next-hop interface. If it is a local route, the name of the interface is displayed. If it is a remotely learned route, the address of the interface that advertised the route to this router is displayed.
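The preference rule described above can be checked against the slide's own output. The following is an added example, not part of the course material: it parses the route-table rows shown on the slide and picks the active route per destination by lowest preference. The competing OSPF row for 192.168.2.0/30 is constructed, and breaking preference ties on metric is an assumption of this sketch.

```python
import re
from typing import Dict, List, NamedTuple


class Route(NamedTuple):
    dest: str
    next_hop: str
    rtype: str
    proto: str
    age: str
    metric: int
    pref: int


# Rows as shown on the slide, including header and separator lines.
SLIDE_OUTPUT = """\
Route Table (Router: Base)
Dest Address Next Hop Type Proto Age Metric Pref
-------------------------------------------------------------------------------
172.0.0.152/32 system Local Local 12d19h24m 0 0
172.0.0.154/32 192.168.2.1 Remote OSPF 11d17h16m 1001 10
192.168.2.0/30 fast Local Local 11d17h17m 0 0
-------------------------------------------------------------------------------
No. of Routes: 3
"""

# Constructed row: what an OSPF-learned path to a locally connected subnet
# would look like as a candidate. It is not in the slide's output.
CONSTRUCTED_OSPF_CANDIDATE = "192.168.2.0/30 192.168.2.1 Remote OSPF 00h05m00s 2000 10"

PREFIX_RE = re.compile(r"\d+(\.\d+){3}/\d+")


def parse_routes(text: str) -> List[Route]:
    """Keep only data rows: seven columns, first column in a.b.c.d/len form."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) == 7 and PREFIX_RE.fullmatch(f[0]):
            routes.append(Route(f[0], f[1], f[2], f[3], f[4], int(f[5]), int(f[6])))
    return routes


def select_active(candidates: List[Route]) -> Dict[str, Route]:
    """Per destination, the candidate with the lowest preference value wins.

    Ties on preference fall back to the lower metric (assumption of this sketch).
    """
    active: Dict[str, Route] = {}
    for route in candidates:
        current = active.get(route.dest)
        if current is None or (route.pref, route.metric) < (current.pref, current.metric):
            active[route.dest] = route
    return active


def demo() -> Dict[str, Route]:
    candidates = parse_routes(SLIDE_OUTPUT) + parse_routes(CONSTRUCTED_OSPF_CANDIDATE)
    return select_active(candidates)


if __name__ == "__main__":
    for dest, route in sorted(demo().items()):
        print(f"{dest:18} via {route.next_hop:12} proto={route.proto:5} pref={route.pref}")
```
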

Page 375: Alcatel-Lucent Scalable IP Networks Student Guide

Module Summary

• With link-state protocols, every router has the same view of the network (the same topology database), routing updates are triggered when there are topology changes, and paths are computed to each reachable destination using the shortest path first algorithm.
• OSPF and IS-IS are link-state protocols.
• OSPF has the concept of areas, which break the network into smaller pieces, reducing the amount of routing update flooding.
• The three types of areas are: Backbone, Normal, Stub.

Page 376: Alcatel-Lucent Scalable IP Networks Student Guide

Module Summary (cont’d)

The four types of routers are:
• Internal Router: within a non-zero (backbone) area
• Area Border Router (ABR): between two or more different OSPF areas
• Autonomous System Border Router (ASBR): connects OSPF routing domains to another non-OSPF routing domain
• Backbone Router: within backbone area

Page 377: Alcatel-Lucent Scalable IP Networks Student Guide

Module Summary (cont’d)

There are 5 types of OSPF packets used to establish adjacencies, maintain the adjacencies, and exchange routing information:
• Hello
• Database Description
• Link State Request
• Link State Update
• Link State Acknowledgement

Page 378: Alcatel-Lucent Scalable IP Networks Student Guide

Module Summary (cont’d)

The 5 main LSA types are:
• Type 1 – Router LSA
• Type 2 – Network LSA
• Type 3 – Summary LSA
• Type 4 – ASBR Summary LSA
• Type 5 – AS-External LSA

On shared media, one router becomes the Designated Router and is responsible for sending LSAs on the network.

Page 379: Alcatel-Lucent Scalable IP Networks Student Guide

Learning Assessment

1. In OSPF, what are the areas used for?
   A. Simplify network design.
   B. Reduce the amount of transit customer traffic.
   C. Reduce the amount of LSA traffic.

2. Which one of the following routers connects an OSPF routing domain to a non-OSPF routing domain?
   A. ASBR
   B. Backbone
   C. ABR
   D. Internal

3. In OSPF terminology, what is the cost used for?
   A. Cost is the monetary value of a link, such as a satellite link.
   B. Cost is a metric value used by the SPF algorithm for path calculations.
   C. Cost is the preference value used to select paths learned from different routing protocols.

Page 380: Alcatel-Lucent Scalable IP Networks Student Guide

Learning Assessment (continued)

4. How many databases are formed by standard OSPF?
   A. 3
   B. 4
   C. 2
   D. 1

5. All non-zero areas must connect to Area 0.
   A. True
   B. False

6. Which of the following areas supports external routes in the routing table? Choose all that apply.
   A. Stub
   B. Backbone
   C. Normal

Page 381: Alcatel-Lucent Scalable IP Networks Student Guide

Learning Assessment (continued)

7. Which of the following packets is also used as a keepalive?
   A. Database description
   B. Link-state request
   C. Link-state update
   D. Link-state acknowledgment
   E. Hello

Page 382: Alcatel-Lucent Scalable IP Networks Student Guide

Learning Assessment Answers

Page left blank for notes

1. In OSPF, what are the areas used for?
   A. Simplify network design.
   B. Reduce the amount of transit customer traffic.
   C. Reduce the amount of LSA traffic. √

2. Which one of the following routers connects an OSPF routing domain to a non-OSPF routing domain?
   A. ASBR √
   B. Backbone
   C. ABR
   D. Internal

3. In OSPF terminology, what is the cost used for?
   A. Cost is the monetary value of a link, such as a satellite link.
   B. Cost is a metric value used by the SPF algorithm for path calculations. √
   C. Cost is the preference value used to select paths learned from different routing protocols.

4. How many databases are formed by standard OSPF?
   A. 3 √
   B. 4
   C. 2
   D. 1

5. All non-zero areas must connect to Area 0.
   A. True √
   B. False

6. Which of the following areas supports external routes in the routing table? Choose all that apply.
   A. Stub
   B. Backbone √
   C. Normal √

7. Which of the following packets is also used as a keepalive?
   A. Database description
   B. Link-state request
   C. Link-state update
   D. Link-state acknowledgment
   E. Hello √

Page 383: Alcatel-Lucent Scalable IP Networks Student Guide

LAB 4.2 – Multi-Area OSPF

[Figure: lab topology. Labels: Pod1, Pod2, Pod3, Pod4; Core-Pod1 to Core-Pod4; Edge-Pod1 to Edge-Pod4; Area 1, Area 2, Area 3, Area 4; OSPF]

Page 384: Alcatel-Lucent Scalable IP Networks Student Guide

www.alcatel-lucent.com

3HE-02767-AAAA-WBZZA Edition 01

Page 385: Alcatel-Lucent Scalable IP Networks Student Guide

Alcatel-Lucent Scalable IP Networks

Module 8 — Introduction to Border Gateway Protocol

Page 386: Alcatel-Lucent Scalable IP Networks Student Guide

Module Objectives

After successful completion of this module, you should be able to:

• Define the use of Border Gateway Protocol
• Define public and private autonomous systems
• Explain why an IGP must be running to support BGP
• Define the difference between EBGP and IBGP peers

Page 387: Alcatel-Lucent Scalable IP Networks Student Guide

BGP History

[Figure: BGP History timeline with year marks 1989, 1990, 1991, 1994, 1995, 2006 and Present. Boxes, in order: BGP original, RFC 1105; RFC 1164 implementation; BGP v2, RFC 1163; BGP v3, RFC 1267; RFC 1168 implementation; BGP v4, RFC 1654; RFC 1655 implementation; BGP v4 update, RFC 1771; RFC 1772 implementation; BGP v4 update, RFC 4271 (2006).]

Over the course of BGP’s existence, multiple RFCs have been created and commonly accepted. The slide above lists the RFCs that explicitly define the characteristics of basic BGP.

In 1989, a workgroup started to outline and create the first RFC for BGP.

RFC 1105 is the first RFC for BGP. It defined the basic operation and common characteristics used by BGP. This was the BGPv1 specification that was first released for public use.

In 1990, RFC 1163 was released. This RFC incorporated additional features and modifications to the original RFC and was known as BGPv2.

At the same time, RFC 1164 was created to describe the proper implementation of BGP.

Since the release of RFC 1164 and BGPv2, all subsequent releases of BGP have been accompanied by a new RFC related to implementation.

The currently accepted version of BGP is version 4. The currently accepted RFC for BGPv4 is RFC 1771, with accompanying implementation RFC 1772.

Page 388: Alcatel-Lucent Scalable IP Networks Student Guide

Autonomous Systems in BGP

AS-65001

AS-65002

AS-65003

• A group of networks and network equipment under a common administration
• IGP protocols such as OSPF, IS-IS, and RIP run in an AS
• BGP is used to connect autonomous systems

Page 389: Alcatel-Lucent Scalable IP Networks Student Guide

Autonomous Systems in BGP (continued)

Public autonomous systems
• Assigned by ARIN or another authority
• Must be used when connecting to other autonomous systems in the Internet
• Range from 0 to 64511

Private autonomous systems
• Assigned by ISPs (for some clients), local administrators, and so on
• Not allowed to be advertised to other ISPs or on the Internet
• Range from 64512 to 65535

Regional Internet Registries

Regional Internet Registries (RIRs) are nonprofit corporations established for the purpose of administration and registration of Internet Protocol (IP) address space and Autonomous System (AS) numbers. There are five RIRs:

Registry    Geographic Region
AfriNIC     Africa, portions of the Indian Ocean
APNIC       Portions of Asia, portions of Oceania
ARIN        Canada, many Caribbean and North Atlantic islands, and the United States
LACNIC      Latin America, portions of the Caribbean
RIPE NCC    Europe, the Middle East, Central Asia

Page 390: Alcatel-Lucent Scalable IP Networks Student Guide

BGP Protocol Overview

AS-65001

AS-65002

AS-65003

• IGPs run within an autonomous system
• EGPs run between autonomous systems

[Figure labels: Interior Gateway Protocols (OSPF, IS-IS, RIP); Exterior Gateway Protocols]

IGPs are protocols that run actively within an autonomous system. Common protocols that are used in this manner are RIP, IS-IS, and OSPF.

EGPs are protocols that run actively between autonomous systems. The only commonly accepted protocol used as an EGP is BGP.

Page 391: Alcatel-Lucent Scalable IP Networks Student Guide

Requirement for an IGP

OSPF

• BGP is not a discovery protocol
• An IGP routing protocol is needed within the Autonomous System so that BGP routers know how to reach other BGP routers within the AS

BGP is not a discovery protocol. It has no mechanism to find its way to a neighboring router if a path does not already exist in the routing table. BGP therefore requires an IGP of some kind (OSPF, IS-IS, RIP, or static routes) to find a path to the other BGP speakers so that TCP can establish a peering session with those BGP speakers.

Page 392: Alcatel-Lucent Scalable IP Networks Student Guide

BGP Scope

• Enables the exchange of routing information between autonomous systems
• Enables the implementation of administrative policies
• Already scaled to:
    • Large number of autonomous systems
    • Large number of neighbors
    • Large volume of table entries
    • High rate of change

BGPv4, defined in RFC 1771, provides reachability information to foreign networks (outside the AS) by enabling the exchange of routing information between ASs to allow for data flow between them. When the exchange is enabled, of equal or greater concern is the application of administrative policy to the traffic flows.

Policy implementation is a key strength of BGP and allows the administration to manipulate traffic based on virtually any policy.

BGP has proven scalability. It is the protocol of choice for service providers, running on their Internet routers. BGP is the fundamental building block of the Internet and is used by every service provider in the world for service-provider interoperability. BGP is the most feature-rich and scalable routing protocol in use today. It supports the current requirements of the Internet, and with extended capabilities such as multiple protocol families and extended AS numbers, is well-positioned for the future.

Page 393: Alcatel-Lucent Scalable IP Networks Student Guide

BGP Features

• Path vector protocol
• Neighbors can be any reachable devices
• Unicast exchange of information
• Reliability via TCP
• Uses well-known TCP port 179
• Periodic keepalive for session management
• Event-driven
• Robust metrics

Behavior is similar to other TCP/IP applications

Although BGP is an enhanced distance vector protocol, it is specifically called a path vector protocol.

Neighbor relationships in BGP are somewhat different from what is normal in the IGP world. Traditionally, neighbors are always directly connected routers. With BGP, this is no longer the case: neighbors may be directly connected, but it is not required because BGP uses unicast TCP/IP for neighbor establishment. It is possible for neighbor relationships to be established with any device that is IP-reachable. There is no guarantee that the neighbor relationship will succeed, because factors such as firewalls or access control lists may prevent certain types of traffic from passing, but such relationships are possible and likely to occur.

At the application layer, BGP functions similarly to other TCP/IP applications, such as Telnet, FTP, and HTTP. BGP may be viewed as an application because it uses registered port number 179 in the TCP/IP model.

Generic TCP/IP applications use a 3-way handshake for session establishment, and once this is completed a TCP/IP session is formed. After the session is formed, the applications exchange or negotiate a set of parameters for the session. In Telnet, for example, parameters such as terminal types and passwords are typically negotiated. If application-level parameters are also acceptable, a session is established at the application layer and data is exchanged. Periodic user data keeps the session alive. When the session is to be terminated, either user input or an inactivity timeout causes the application session to be torn down and TCP/IP to initiate the 4-way session teardown.

Page 394: Alcatel-Lucent Scalable IP Networks Student Guide

BGP Considerations

• Path vector protocol roots are distance vector
• All distance vector protocols share similar characteristics:
    • Hop count is a metric
    • Split horizon is a factor
• Table sizes are significantly larger than in IGP
• Convergence is an issue
• Administratively complex

Protocols that are based on distance vector mechanisms, such as path vector, share certain common characteristics. The two that are significant to BGP are hop count and split horizon. It is important to note that these two behaviors are present in the BGP protocol.

Adding to the complexity of BGP is the fact that topology and routing table sizes become much larger than in an IGP environment. The increased size of these tables means that factors such as CPU loading, memory utilization, update generation, and route processing have a far greater implication in BGP.

These items, and others, affect convergence. Convergence may be viewed in two ways. Local convergence is the time taken for a router to receive and process all outstanding messages and settle on a stable topology. Network convergence is the time taken for all routers in the system to settle on a stable topology. In IGP terms, the system is usually the local AS. In BGP terms, the system is the Internet.

Because the entire Internet is the scope of BGP, the administration is typically more complex than that in a single AS.

Page 395: Alcatel-Lucent Scalable IP Networks Student Guide

EBGP vs. IBGP Overview

Two types of BGP sessions are possible:
• External BGP (EBGP) sessions:
    • Routers are in different autonomous systems
    • Typically directly connected, but not mandatory
    • Different administrations
• Internal BGP (IBGP) sessions:
    • Routers are in the same autonomous system
    • Typically nonadjacent routers; could be directly connected
    • Same administration

There are two possible types of BGP neighbor relationships. Regardless of the type, a BGP session between two devices is alternatively referred to as a neighbor or peer session. A BGP router is also referred to as a BGP speaker.

A session between two devices in different autonomous systems is referred to as an external BGP or EBGP session. It is typical for devices having an EBGP session to be directly connected, sharing a common data link, but it is not mandatory. Because the devices are in different autonomous systems, the administration of each device is typically handled separately. Care must therefore be taken to ensure that the configuration parameters match so that the peering will succeed.

A session between two devices in the same autonomous system is referred to as an internal BGP or IBGP session. It is typical for devices having an IBGP session not to be directly connected, as they may be across the country or the world. Because the devices are in the same autonomous system, the administration of each device is typically handled by the same organization. Care must still be taken to ensure that the configuration parameters match so that the peering will succeed, but as the devices are locally controlled, this is often an easier task than with EBGP.

Page 396: Alcatel-Lucent Scalable IP Networks Student Guide

Internal BGP

AS-65001

AS-65002

AS-65003

Internal BGP sessions (IBGP)

• IBGP neighbors are peers in the same autonomous system.
• By default, they do not need to be directly connected.

AS-65004

Physical Link

A session between two devices in the same autonomous system is referred to as an IBGP session. Because the devices are in the same autonomous system, the administration of each device is typically handled by the same organization. Care must still be taken to ensure that the configuration parameters match so that the peering will succeed, but as the devices are locally controlled, this is often an easier task than with EBGP.

A requirement for IBGP is that all routers that participate in an IBGP session must be fully meshed. This requires that every router needs to be able to establish an IBGP session with every other router in the AS. The rationale behind this is beyond the scope of this course and will be fully covered in the BGP course.

Page 397: Alcatel-Lucent Scalable IP Networks Student Guide

External BGP

AS-65001

AS-65002

AS-65003

External BGP sessions (EBGP)

• EBGP neighbors are peers in different autonomous systems.
• By default, they need to be directly connected.

AS-65004

Physical Link

A session between two devices in different autonomous systems is referred to as an EBGP session. It is typical for devices having an EBGP session to be directly connected, sharing a common data link, but it is not mandatory. Because the devices are in different autonomous systems, the administration of each device is typically handled separately. Care must therefore be taken to ensure that the configuration parameters match so that the peering will succeed.

Page 398: Alcatel-Lucent Scalable IP Networks Student Guide

When to Use BGP

Use BGP in the following environments:
• You are an ISP and need to pass client traffic from one AS to another AS.
• You need to multi-home to several ISPs due to company requirements.
• Traffic flow from or to your company must be manipulated and controlled.

Do not use BGP in the following environments:
• There is no need to have more than one connection to the Internet.
• Company engineers do not understand how BGP works.
• The hardware and physical links to the ISP are not able to handle the load of BGP traffic.

Page 399: Alcatel-Lucent Scalable IP Networks Student Guide

BGP Metrics

IGP protocols use single metrics for path determination:
• RIP — Hop count
• OSPF — Cumulative cost
• IS-IS — Cumulative cost

BGP uses multiple metrics to select the best path to a destination network.

BGP, as stated above, can implement multiple criteria in selecting the best path to a destination. This makes BGP a very flexible and complicated protocol in the configuration process. However, it does give the administrator a way to influence the way traffic will flow across the network.

Page 400: Alcatel-Lucent Scalable IP Networks Student Guide

BGP Attributes

• Metrics are called attributes
• BGP attributes include the following:
    • AS-path
    • Next-Hop
    • Origin
    • Local Preference
    • Multiexit Discriminator (MED)
    • Others
• Attributes are carried inside update messages

After BGP establishes a session, routing updates are exchanged. The routing update contains a prefix and metrics. In BGP, metrics are called attributes.

Page 401: Alcatel-Lucent Scalable IP Networks Student Guide

AS Path

• AS Path – identifies the Autonomous System(s) through which this UPDATE message has passed
• Modified by any border router when propagating an update across an AS boundary
• Local AS number inserted at the beginning of the list
• AS Path is a variable length list. Reading left to right:
    • The leftmost entry is the AS that sent the prefix to you
    • The rightmost entry is the originator of the prefix
    • Intermediate entries (if present) are transit ASs
    • The list may be null
• AS Path is the hop count of BGP
• Used for loop detection

The AS Path attribute identifies the sequence of Autonomous Systems through which this UPDATE message has passed.

This attribute is not a single item, like origin code, but is a list that may contain zero, one or more entries. The list may be read in either direction, but if reading from left to right then the significance of the list entries is as follows. The leftmost entry in the list is the neighboring AS that sent the prefix into your AS. The rightmost entry in the list is the originating AS for the prefix. Any intermediate entries are transit ASs that the update has passed through on its way to you.

If you are viewing the update inside the originating AS, the list will be empty or null, since the update has not yet passed ‘through’ any ASs.

The behavior of this attribute is that the AS number of the sender will be prepended (added to the beginning) to the list whenever the update crosses an AS boundary.

If a router receives an update containing the local AS number already in the path sequence, the update is flagged as a loop.

The implementation of AS_PATH is the hop count of BGP. It is important to note that this hop count is not an indication of the number of routers that the update has passed through, but of the number of ASs the update has passed through, regardless of the actual number of routers.

Page 402: Alcatel-Lucent Scalable IP Networks Student Guide

AS Path

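[Figure: an update propagating from AS 65100 across AS 65200 to AS 65250; routers labeled Router A, Router B, Router X and Router Y. The update (columns: Prefix, Origin, AS Path, next-hop) is shown at three points, with the AS Path column reading:]

Update originated in AS 65100:   AS Path = null
Update in AS 65200:              AS Path = 65100
Update received at Router Y:     AS Path = 65200 65100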

In the above illustration, the same BGP update is being originated by the router in AS 65100. The prefix in the update message is internal to AS 65100. Since this router is inside the originating AS, the AS Path is null.

The attribute will propagate in all further BGP updates for this prefix, in this example across AS 65200 and 65250, and each time the update crosses an AS boundary, the AS number of the sender will be prepended to the AS Path list.

When the update arrives in AS 65200, it has crossed an AS boundary in order to get there, so the AS Path attribute now contains 65100, the AS number of the sender.

Similarly, when it arrives in AS 65250, the AS Path attribute now contains the sequence 65200 65100.

If we read the AS Path from left to right, it represents the sequence of ASs leading back to the origin of the route.

Page 403: Alcatel-Lucent Scalable IP Networks Student Guide

Next-hop

• Next-hop - the IP address of the border router that should be used as the next hop towards the destination
• Set by the border router to the local interface address used to reach the neighbor, when propagating an update across an AS boundary
• The behavior is not always the same
    • Point-to-point networks
    • Multi-access networks
    • System Addresses
• May be administratively modified

Next-hop defines the IP address of the border router that should be used as the next hop to the destinations listed in the Network Layer Reachability field of the UPDATE message.

When a BGP speaker advertises the route to a BGP speaker located in its own autonomous system, the advertising speaker shall not modify the NEXT_HOP attribute associated with the route.

When a BGP speaker advertises the route to a BGP speaker located in a remote autonomous system, the advertising speaker may modify the NEXT_HOP attribute associated with the route.

The typical behavior is to set the next-hop attribute to the IP address of the egress interface used to send the Update to the remote neighbor. There is no restriction that this must be the case, so other scenarios are possible. The next-hop attribute is one of the greatest administrative challenges when deploying BGP.

Page 404: Alcatel-Lucent Scalable IP Networks Student Guide

Next-hop

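[Figure: an update propagating from AS 65100 across AS 65200 to AS 65250; routers labeled Router A, Router B, Router X and Router Y. The update (columns: Prefix, Origin, AS Path, next-hop) is shown at three points, with the next-hop column reading:]

Update originated in AS 65100:   next-hop = varies*
Update in AS 65200:              next-hop = Router X
Update received at Router Y:     next-hop = Router B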

In the above illustration, the same BGP update is being originated by the router in AS 65100. If viewed on a router inside the originating AS, the next-hop attribute may be one of several addresses, depending on the configuration.

If the network is directly connected to the router originating the prefix, the next-hop is not relevant locally (it is directly connected), and will not be present in the local BGP table. If the prefix was learned from another router in the same AS (not shown in the diagram), then the next-hop will be the IP address of the originating router.

In either case, the border router will set the next-hop address to the interface used to reach the router in AS 65200 when it propagates the update.

The next-hop attribute will propagate in all further BGP updates for this prefix, in this example across AS 65200 and 65250, and each time the update crosses an AS boundary, the next-hop attribute will be set to the IP address of the egress interface used to send the update to the remote neighbor.

When the update is sent between the routers within AS 65200, the next-hop is unmodified by default; it remains the address of the router in AS 65100.

When the update arrives in AS 65250, it crossed an AS boundary to get there, so the next-hop attribute now contains the IP address of the eBGP router that sent the update to AS 65250.

Origin Code

Origin Code defines the origin of the path information

Lower Origin value is preferred

Set by originating AS, should never change

| Name | Code | Value | Meaning |
|---|---|---|---|
| IGP | i | 0 | interior to the originating AS |
| EGP | e | 1 | learned via EGP |
| Incomplete | ? | 2 | learned by some other means |

The ORIGIN attribute shall be generated by the autonomous system that originates the associated routing information. It shall be included in the UPDATE messages of all BGP speakers that choose to propagate this information to other BGP speakers.

It can assume the following values:

0 - IGP - Network Layer Reachability Information is interior to the originating AS, i.e. it is learned via an IGP protocol

1 - EGP - Network Layer Reachability Information learned via EGP

2 - INCOMPLETE - Network Layer Reachability Information learned by some other means, such as static route, or directly connected interface

Once set the ORIGIN attribute should never be modified.

Origin Code

[Figure: AS 65100, AS 65200 and AS 65250 with Router A, Router B, Router X and Router Y. The update (columns Prefix, Origin, AS Path, next-hop) carries Origin i when originated in AS 65100, in AS 65200, and when received at Router Y.]

In the above illustration, a BGP update is being originated by the router in AS 65100. The prefix (or NLRI) in the update message is learned via an IGP protocol internal to AS 65100, so the origin code should be set to ‘i’. It will be unknown by default.

The attribute will propagate in all further BGP updates for this prefix, in this example across AS 65200 and 65250, and should never be modified.

Local Preference

Local preference: the degree of preference for each external route

Used only with iBGP

This attribute can be used to manipulate the way traffic egresses the Autonomous System

LOCAL_PREF shall be included in all UPDATE messages that a given BGP speaker sends to the other BGP speakers located in its own autonomous system. A BGP speaker shall calculate the degree of preference for each external route and include the degree of preference when advertising a route to its internal peers. The higher degree of preference should be preferred.

LOCAL_PREF is only used in iBGP. A BGP speaker shall not include this attribute in UPDATE messages that it sends to BGP speakers located in a neighboring autonomous system. If it is contained in an UPDATE message that is received from a BGP speaker which is not located in the same autonomous system as the receiving speaker, then this attribute shall be ignored by the receiving speaker.

Multi Exit Discriminator (MED)

Multi Exit Discriminator (MED): defines the preferred entry point to the local Autonomous System

This attribute can be used to manipulate the way traffic ingresses the Autonomous System

The MULTI_EXIT_DISC may be used on external (inter-AS) links to discriminate among multiple exit or entry points to the same neighboring AS. The value of the MULTI_EXIT_DISC attribute is a four octet unsigned number which is called a metric. All other factors being equal, the exit or entry point with lower metric should be preferred.

If received over external links, the MULTI_EXIT_DISC attribute may be propagated over internal links to other BGP speakers within the same AS. The MULTI_EXIT_DISC attribute is never propagated to other BGP speakers in neighboring AS's.
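The attribute rules from the last four slides (NEXT_HOP, ORIGIN, LOCAL_PREF, MULTI_EXIT_DISC) can be followed hop by hop in a small model. This is an added example, not part of the course material; the prefix, the interface addresses, the MED of 50 and the LOCAL_PREF value of 100 are constructed, and adding the sender's AS to the AS path on eBGP is standard BGP behaviour assumed here rather than taken from these slides.

```python
from dataclasses import dataclass, replace
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class Update:
    prefix: str
    origin: str                        # 'i', 'e' or '?', set only by the originating AS
    as_path: Tuple[int, ...]
    next_hop: str
    local_pref: Optional[int] = None   # carried on iBGP sessions only
    med: Optional[int] = None          # meaningful only to the adjacent AS


def advertise(u: Update, sender_as: int, peer_as: int, egress_ip: str,
              own_med: Optional[int] = None) -> Update:
    """Return the update as the sender puts it on the wire toward one peer."""
    if peer_as == sender_as:
        # iBGP: NEXT_HOP is left alone (egress_ip is not used), LOCAL_PREF must
        # be present, and a MED learned over an external link may be passed on.
        pref = u.local_pref if u.local_pref is not None else 100  # assumed value
        return replace(u, local_pref=pref)
    # eBGP: typical behaviour rewrites NEXT_HOP to the egress interface address,
    # the sender's AS is added to the AS path, LOCAL_PREF is not sent, and a MED
    # learned from another AS is dropped (the sender may attach its own).
    return replace(u, as_path=(sender_as,) + u.as_path, next_hop=egress_ip,
                   local_pref=None, med=own_med)


def receive(u: Update, receiver_as: int, sender_as: int) -> Optional[Update]:
    """Receiver-side rules; None means the route is never considered."""
    if receiver_as in u.as_path:
        return None                        # AS-path loop
    if sender_as != receiver_as and u.local_pref is not None:
        u = replace(u, local_pref=None)    # LOCAL_PREF from another AS is ignored
    return u


def walk() -> Dict[str, Update]:
    """Follow one prefix from AS 65100 through AS 65200 into AS 65250."""
    x_egress = "198.51.100.1"   # constructed: AS 65100 border, link toward AS 65200
    b_egress = "203.0.113.1"    # constructed: AS 65200 border, link toward AS 65250
    stages: Dict[str, Update] = {}
    u = Update("192.0.2.0/24", "i", (), next_hop="")   # originated, directly connected
    stages["originated"] = u
    u = receive(advertise(u, 65100, 65200, x_egress, own_med=50), 65200, 65100)
    stages["enters_65200"] = u
    u = receive(advertise(u, 65200, 65200, "10.0.0.1"), 65200, 65200)
    stages["inside_65200"] = u
    u = receive(advertise(u, 65200, 65250, b_egress), 65250, 65200)
    stages["enters_65250"] = u
    return stages


if __name__ == "__main__":
    for stage, update in walk().items():
        print(f"{stage:13} {update}")
```

The receiver-side check is the part worth keeping in mind operationally: a LOCAL_PREF arriving over an external session carries no weight, and an update whose AS path already contains the local AS is discarded before selection.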

BGP Route Selection Criteria

If the entry is valid, loop-free and the next-hop is reachable, then prefer the …

1. Route with higher local preference
2. Route with the shorter AS path
3. Route with the lower origin code
4. Route with the lowest MED
5. Route learned from an EBGP peer before those learned from an IBGP peer
6. Route with the lowest IGP cost to the next-hop
7. Route with the lowest BGP router-ID
8. Route with the shortest cluster list
9. Route with the lowest peer IP address

This chart depicts the BGP route selection criteria as implemented on the Alcatel 7750 SR. When BGP receives multiple routes to the same destination prefix, the route selection criteria are used to select the best route.

A route will never be considered if it does not have the valid flag associated with it, contains an AS-Path loop, or has an unreachable next-hop.

For each prefix in the BGP table, the first entry for that prefix is compared to the next in the list, until a best route is found for each.
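The nine criteria above can be applied as successive tie-breakers over the eligible routes. The sketch below is an added example, not Alcatel-Lucent code: the two sample routes are the 11.11.11.0/24 entries from the show output later in this module, while the router-IDs, treating a missing local preference as 100 and treating a missing MED as 0 are assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

ORIGIN_VALUE = {"i": 0, "e": 1, "?": 2}   # values from the Origin Code slide


@dataclass
class Route:
    prefix: str
    next_hop: str
    as_path: Tuple[int, ...]
    origin: str = "?"
    local_pref: Optional[int] = None
    med: Optional[int] = None
    ebgp: bool = True
    igp_cost: int = 0
    router_id: str = "0.0.0.0"
    cluster_len: int = 0
    peer_ip: str = "0.0.0.0"
    valid: bool = True
    next_hop_reachable: bool = True


def _ip(value: str) -> int:
    return int(ipaddress.ip_address(value))


# Each step maps a route to a sort key; the lowest key survives the step.
STEPS = [
    ("higher local preference",
     lambda r: -(r.local_pref if r.local_pref is not None else 100)),  # assumed default
    ("shorter AS path", lambda r: len(r.as_path)),
    ("lower origin code", lambda r: ORIGIN_VALUE[r.origin]),
    ("lowest MED", lambda r: r.med if r.med is not None else 0),        # assumed default
    ("EBGP before IBGP", lambda r: 0 if r.ebgp else 1),
    ("lowest IGP cost to the next-hop", lambda r: r.igp_cost),
    ("lowest BGP router-ID", lambda r: _ip(r.router_id)),
    ("shortest cluster list", lambda r: r.cluster_len),
    ("lowest peer IP address", lambda r: _ip(r.peer_ip)),
]


def eligible(r: Route, local_as: int) -> bool:
    """Valid flag set, next-hop reachable, and no AS-path loop."""
    return r.valid and r.next_hop_reachable and local_as not in r.as_path


def best_path(routes: List[Route], local_as: int) -> Tuple[Optional[Route], str]:
    """Return the best route and the name of the step that decided it."""
    candidates = [r for r in routes if eligible(r, local_as)]
    if not candidates:
        return None, "no eligible route"
    if len(candidates) == 1:
        return candidates[0], "only eligible route"
    for name, key in STEPS:
        lowest = min(key(r) for r in candidates)
        candidates = [r for r in candidates if key(r) == lowest]
        if len(candidates) == 1:
            return candidates[0], name
    return candidates[0], "tie after all steps"


# The two 11.11.11.0/24 routes seen by Node_181 (AS 65001); router-IDs constructed.
SAMPLE = [
    Route("11.11.11.0/24", "192.168.1.5", (65002,), "?",
          router_id="172.0.0.182", peer_ip="192.168.1.5"),
    Route("11.11.11.0/24", "192.168.1.10", (65004, 65002), "?",
          router_id="172.0.0.184", peer_ip="192.168.1.10"),
]

if __name__ == "__main__":
    route, step = best_path(SAMPLE, local_as=65001)
    print(route.next_hop, "chosen by:", step)
```

With the sample data the route via 192.168.1.5 wins on AS-path length, which matches the `u*>?` flag on that entry in the routes output.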

Show BGP Neighbor

Node_181# show router bgp neighbor

===========================================================================

BGP Neighbor

===========================================================================

---------------------------------------------------------------------------

Peer : 192.168.1.5 Group : bgp

---------------------------------------------------------------------------

Peer AS : 65002

Peer Address : 192.168.1.5 Peer Port : 49353

Local AS : 65001

Local Address : 192.168.1.6 Local Port : 179

Peer Type : External

State : Established Last State : Established

Last Event : recvKeepAlive

Last Error : Cease

(continued on next slide)

The output shown in the above graphic, continued on the next slide, describes a BGP peering session. It first identifies the peer by its IP address (192.168.1.5) and then gives the peer AS number (65002). It then identifies the local information and gives the state of the connection. If the state says anything other than “ESTABLISHED”, there is a problem. The last event is the last message that the router has received.

Show BGP Neighbor (continued)

(continued from previous slide)

Local Family : IPv4 Remote Family : IPv4

Local Capability : RouteRefresh MP-BGP Remote Capability: RouteRefresh MP-BGP

Hold Time : 90 Keep Alive : 30

Active Hold Time : 90 Active Keep Alive: 30

Cluster Id : None

Preference : 170 Num of Flaps : 1

Recd. Prefixes : 6 Active Prefixes : 3

Recd. Paths : 2 Suppressed Paths : 0

Input Queue : 0 Output Queue : 0

i/p Messages : 25 o/p Messages : 23

i/p Octets : 673 o/p Octets : 621

i/p Updates : 7 o/p Updates : 6

Import Policy : None Specified / Inherited

Export Policy : rip

This is a continuation from the previous slide. A lot of information is shown above; some of the more important items are the local and remote capabilities. Notice that both sides support MP-BGP (Multi-Protocol BGP), which will be covered in the BGP protocol class. Other important information includes the hold and keep alive timers. These must match in a peering session. The final areas to note are the import and export policies. As was previously stated, BGP is not a discovery protocol: not only must you tell it where to go to peer, you must also tell it what information you want it to advertise.

Show BGP Paths

Node_181# show router bgp paths

==========================================================================

BGP Router ID : 172.0.0.181 AS : 65001 Local AS : 65001

==========================================================================

BGP Paths

==========================================================================

Path: 65004 65002

Origin : Incomplete Next Hop : 192.168.1.10

MED : none Local Preference : none

Refs : 4 ASes : 2

Segments : 1

Flags : EBGP-learned

--------------------------------------------------------------------------

Path: 65002

Origin : Incomplete Next Hop : 192.168.1.5

MED : none Local Preference : none

Refs : 8 ASes : 1

Segments : 1

Flags : EBGP-learned

The above graphic shows the BGP Paths that have been learned by the router. Note that the path lists the AS numbers of the systems that it must traverse and whether they were learned through e-BGP or i-BGP.

Note that there may be a very large number of BGP paths in the router’s routing table, so it may be wise to specify the particular routes of interest when executing the ‘show router bgp paths’ command.

Show BGP Summary

Node_181>show>router>bgp# summary all

===============================================================================

BGP Comprehensive Summary

===============================================================================

ServiceId AS PktRcvd InQ Up/Down State| Recv/Actv/Sent(IPv4)

Neighbor PktSent OutQ Recv/Actv/Sent(VpnIPv4)

----------------------------------------------------------------------------------

Def. Instance 65002 30 0 00h10m17s 6/3/6

192.168.1.5 28 0 VPN-IPv4 Incapable

Def. Instance 65004 21 0 00h07m27s 6/2/7

192.168.1.10 23 0 VPN-IPv4 Incapable

===============================================================================

The above graphic shows a summary of the Autonomous Systems that the router has learned about and the amount of packet traffic it has received from those systems.

Show BGP Group

Node_181>show>router>bgp# group bgp

=========================================================================

BGP Group : bgp

=========================================================================

Description : (Not Specified)

Group Type : No Type State : Up

Peer AS : n/a Local AS : 65001

Local Address : n/a Loop Detect : Ignore

Import Policy : None Specified / Inherited

Export Policy : rip

Hold Time : 90 Keep Alive : 30

Cluster Id : None Client Reflect : Enabled

NLRI : Unicast Preference : 170

List of Peers

- 192.168.1.5 : (Not Specified)

- 192.168.1.10 : (Not Specified)

Total Peers : 2 Established : 2

-------------------------------------------------------------------------

Peer Groups : 1

BGP, like RIP, uses the concept of Groups in its configuration. Inside the group, the operator configures the neighbor information that the BGP protocol uses for peering. Note above that there are two peers configured and two sessions established.

Show BGP Routes

Node_181>show>router>bgp# routes

===============================================================================

BGP Router ID : 172.0.0.181 AS : 65001 Local AS : 65001

===============================================================================

Legend -

Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid

Origin codes : i - IGP, e - EGP, ? - incomplete, > - best

===============================================================================

Flag Network Nexthop LocalPref MED

VPN Label As-Path

-------------------------------------------------------------------------------

u*>? 11.11.11.0/24 192.168.1.5 none none

65002

*? 11.11.11.0/24 192.168.1.10 none none

65004 65002

Press any key to continue (Q to quit)

The above graphic is just a portion of the output of the BGP routes. This shows all learned BGP routes to all destinations. For each route it shows whether the route is valid, the origin of the route, and whether the route is used. The > signifies the best route, and this is the route that will be entered into the routing table.

Protocol Summary

| Feature | RIPv2 | BGP | OSPF | ISIS |
|---|---|---|---|---|
| Updates | Periodic | Incremental | Incremental | Incremental |
| Update type | Broadcast/Multicast | Unicast | Multicast | Multicast |
| Authentication | Simple & MD5 | MD5 | Simple & MD5 | Simple & MD5 |
| Metric | Hops | Multiple | Cost | Default |
| Metric type | Distance vector | Adv. DV | Link-state | Link-state |
| VLSM/CIDR support | Yes | Yes | Yes | Yes |
| Topology size | Small | Very large | Large | Large |
| Transport protocol | UDP | TCP | | |
| Application port # | 520 | 179 | | |
| Protocol # | — | — | 89 | — |

The comparison above shows the differences and similarities of the routing protocols that are supported on the Alcatel 7750 SR platforms. RIP, OSPF, and IS-IS are the IGPs and BGP is the EGP.

Module Summary

This module provided a brief overview of BGP.

BGP is an external routing protocol.

Provided an understanding of IBGP and EBGP

Provided an understanding of the operation of BGP and its route selection process

BGP connects autonomous systems to other autonomous systems.

Provided a high-level summary of the features of the routing protocols

Learning Assessment

1. Two BGP speakers establish a peering session. One BGP speaker is in AS 65001, and the other is in AS 65002. What type of peering session is it?

a. EGP
b. IGP
c. IBGP
d. EBGP

2. BGP is referred to as a path vector protocol, which means that path selection is based on what?

a. AS Hop count
b. Cost
c. AS numbers
d. Default

Learning Assessment (continued)

3. What transport layer protocol and port number does BGP use?

a. TCP port 79
b. UDP port 79
c. TCP port 179
d. UDP port 179

4. What does BGP require to work correctly within an AS?

a. An IGP
b. The BGP speakers must be configured with different AS numbers.
c. The BGP speakers must be installed on the edge of the network.

LAB 6.1 – BGP

[Figure: lab topology. Pod1, Pod2, Pod3 and Pod4, each with a core and an edge router (Core-Pod1 to Core-Pod4, Edge-Pod1 to Edge-Pod4), in AS 65001, 65002, 65003 and 65004, interconnected with BGP.]

www.alcatel-lucent.com

3HE-02767-AAAA-WBZZA Edition 01

Alcatel-Lucent Scalable IP Networks

Module 9 — 7x50 SR/ESS Services Overview

Module Objectives

After successful completion of this module, you should be able to:

Discuss the different services offered

Understand the concepts of the components that make up a service

Understand the function of a service tunnel

Discuss the basics of MPLS

Understanding Services

There are two main types of services on the 7x50 SR/ESS platforms:

Internet connectivity

Represented by the IES, which is a global service

The purpose of IES is to provide connectivity to the world as defined in the global routing table.

VPN services

VPN services (VLL, VPLS, and VPRN) are, by their nature, restricted. You must define the scope of the VPN: what is allowed into it and how the nodes in the service connect to each other.

Note: The 7450 ESS does not support VPRN services.

Network-Component Naming Conventions

[Figure: network diagram with devices labeled CE, PE and P.]

CE = customer edge

PE = provider edge

P = provider router

Customer Edge Devices

A CE device provides customer access to the service provider network over a data link to one or more PE routers. The end user typically owns and operates these devices. The CE devices run the routing protocol(s) of the end user and support the IP address scheme implemented by the end user. The devices are unaware of the existence of the MPLS protocol or the VPNs.

CE devices used in layer 2 VPNs may be Ethernet switches, in which case they do not need to participate in routing protocols. They must only be aware of VLANs running in the customer network.

Provider Edge Devices

A PE router is directly connected to the customer edge (CE) devices. In an MPLS network PE routers are LERs.

Provider Router

The routers in the provider core network. In an MPLS provider network routers are LSRs.

Internet Enhanced Service

IES provides direct Internet access for the customer, with the following features:

From the customer’s perspective, it provides a direct connection to the Internet.

The service provider can apply all billing, ingress/egress shaping, and policing to the customer.

[Figure: Company A, Company B and Company C attach to PE A, PE B and PE C in the service provider network, which connects to the Internet.]

An IES is a routed connectivity service in which the subscriber communicates with an IP (layer 3) router interface to send and receive Internet traffic.

The IES allows the provider to shape and police traffic to conform to SLA parameters. This allows customers to purchase subrate Internet access with asymmetrical SLAs.

Characteristics

A SAP acts as the access point to the subscriber’s network.

The interface supports RIP, OSPF, IS-IS, and BGP.

Does not require an SDP; traffic is routed rather than encapsulated in a tunnel.

VLL Service

A VLL service provides a point-to-point connection between two nodes.

From the customer’s perspective, it looks as if a leased link exists between the two locations.

The service provider can apply billing, ingress/egress shaping, and policing.

[Figure: PE A, PE B, PE C and PE D around an IP/MPLS network, with an e-pipe service shown across it.]

A VLL is a layer 2 point-to-point service. The VLL service encapsulates customer data and transports it across a service provider’s IP or MPLS network in a GRE or MPLS tunnel.

Customer access to the service provider’s network is through a SAP. A VLL service connects two access points on the same node or two access points on different nodes through two unidirectional tunnels. Each node needs to provide access to the service tunnel.

A basic VLL service must have the following:

A locally unique identification number

System IP address of the originating and far-end nodes

Tunnel encapsulation type: GRE or MPLS

Virtual Private LAN Service

VPLS is a class of VPN that allows the connection of multiple sites in a single bridged domain over a provider-managed IP/MPLS network.

From the customer’s perspective, it looks as if all sites are connected to a single switched VLAN.

The service provider can reuse the IP/MPLS infrastructure to offer multiple services.

The service provider can apply billing, ingress/egress shaping, and policing.

[Figure: PE A, PE B, PE C and PE D around an IP/MPLS network, joined by an IP/LSP full mesh that carries the VPLS service.]

The 7750 SR supports VPLS multipoint switched services. A VPLS is a multipoint layer 2 service that allows multiple customer sites to be connected in a single bridged domain contained in a provider-managed IP/MPLS network. Customer sites in the VPLS appear to be on the same LAN even if the sites are geographically dispersed.

A VPLS:

Uses an Ethernet interface on the customer access side to simplify provisioning

Enables customers to control and simplify routing strategies as all routers in the VPLS are part of the same LAN, which simplifies IP addressing

Is protocol-independent, which means there is no layer 2 protocol conversion between LAN and WAN technologies

A VPLS can span a single node or multiple nodes. On a VPLS that spans a single node, subscriber data is distributed through multiple access points on the node.

On a VPLS that spans multiple sites, customer data enters the service using at least one access point on each node. Data is transported among the nodes through service tunnels over an IP/MPLS provider core network. A VPLS that spans multiple nodes requires at least one service tunnel at each node.

VPLS services switch traffic based on MAC addresses (associated with the appropriate access points).

CE Equipment

Although VPLS is a layer 2 VPN service and allows the use of layer 2 switches as the CE devices, most customers use routers at the LAN/WAN boundary.

Using a router as the CE device means that the PE device must learn only one MAC address per site, per service.

Using a layer 2 switch as the CE device means that the PE device must learn potentially hundreds of MAC addresses per site, per service. The number of MAC addresses that the PE device must learn can be limited by using MAC filters and/or by limiting the maximum number of MAC addresses accepted by the PE device.

Virtual Private Routed Network (RFC 4364)

VPRN is a class of VPN that allows the connection of multiple sites in a routed domain over a provider-managed IP/MPLS network.

From the customer’s perspective, it looks as if all sites are connected to a private routed network administered by the service provider for that customer only.

The service provider can reuse the IP/MPLS infrastructure to offer multiple services.

Each VPRN appears like an additional routing instance.

Routes for a service between the various PEs are exchanged using MP-BGP.

[Figure: PE A, PE B, PE C and PE D around an IP/MPLS network, each holding routing instances RI-1 and RI-2 for VPRN Service Red and VPRN Service Green, with MP-BGP route exchange for all services.]

RFC 4364 (which obsoletes RFC 2547) describes a method of distributing routing information and forwarding data to provide a layer 3 VPN service to end customers.

Each VPRN consists of a set of customer sites that are connected to one or more PE routers. Each associated PE router maintains a separate IP forwarding table for each VPRN. Additionally, the PE routers exchange the routing information configured or learned from all customer sites via MP-BGP peering.

Each route in a VPN is assigned an MPLS label. When BGP distributes a VPN route, it also distributes an MPLS label for the route.

Before a customer data packet travels across the service provider's backbone, it is encapsulated with the MPLS label that corresponds, in the customer's VPN, to the route that best matches the packet's destination address. The MPLS packet is further encapsulated with either another MPLS label or a GRE tunnel header so that it gets tunneled across the backbone to the proper PE router. Each route exchanged by MP-BGP includes a route distinguisher (RD), which identifies the VPRN association. The backbone core routers therefore do not need to know the VPN routes.

Tunnel Encapsulation Types

GRE

Encapsulates traffic in an IP/GRE header; appears like an IP packet

Low control plane overhead

Uses normal IP routing to find a path

MPLS

Uses LDP or RSVP for label signaling

LDP auto-bind is available to simplify configuration

LDP relies on an IGP to find its path

RSVP: requires manual configuration; can be loose or strict; may reserve bandwidth; can use fast reroute to speed convergence

Generic Routing Encapsulation

Low control plane overhead

Uses an IGP (e.g., OSPF, IS-IS) to find a path from edge to edge

Convergence depends on the IGP

MPLS

Uses LSPs (may use primary and secondary paths for protection)

Paths can be manually configured or signaled using LDP or RSVP-TE

MPLS Terminology

LER (Label edge router)

LSR (Label switch router)

LSP (Label switch path)

Push

Swap

Pop

Label Stack

DoD (Downstream on demand)

DU (Downstream unsolicited)

RSVP-TE (Resource reservation protocol with traffic engineering extensions)

T-LDP (Targeted label distribution protocol)

MPLS has become the basic building block for the various services and VPNs offered on the 7750 SR platforms. The slide above lists some of the more common MPLS acronyms that are used when discussing services.

MPLS Basics (continued)

[Figure: network with routers labeled LER, LSR and LER.]

In the case of services the LERs are normally located at the edge of the network while the LSRs are normally the core routers.

The MPLS-enabled routers (LERs and LSRs) use a signalling protocol to distribute labels across the network. These labels are used to make the forwarding decision for incoming traffic rather than the IP address. This basically turns the L3 network into an L2 or switch network.

The way the labels are distributed throughout the network depends on the signalling protocol used. LDP is DU, while RSVP is DoD. The next few slides discuss LDP at a high level. RSVP and a more in-depth discussion on LDP are covered in the MPLS/L3VPN course.

MPLS Basics (continued)

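[Figure: Router 1, Router 2 and Router 3 (labeled LER, LSR, LER) with networks 10.1.1.0/24, 10.1.2.0/24, 10.1.3.0/24 and 10.1.4.0/24. LDP is enabled on Router 2 and Router 3, and label 20 is shown between them. Router 2 table: Network 10.1.1.0/24 and 10.1.2.0/24, Label 20, Intf 1.]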

In the figure above, LDP is enabled on Router 2 and Router 3. However, before any of this can happen the network must be running some sort of routing protocol. For LDP to set up a peering session, it must be able to find its way to the adjacent router, and that is done by the routing protocols.

When LDP is enabled, the protocol automatically sets up a peering session with adjacent LDP-enabled routers. When this session is established, the routers look at their routing tables and send out a label associated with networks that they see.

In the figure above, an LDP session is established between Router 2 and Router 3. Router 3 examines its routing table for networks that it sees behind it and sends a label to Router 2 to represent those networks. For example, Router 3 sends a label of 20 to represent networks 10.1.1.0/24 and 10.1.2.0/24.

Every time Router 2 receives a packet destined for the 10.1.1.0/24 or 10.1.2.0/24 network, it pushes the label value of 20 onto the packet and puts it in the LSP that takes the MPLS frame to Router 3. Because Router 3 has sent the label of 20 out, it knows that any MPLS frame coming in with the label of 20 is destined for a network that terminates on it. Router 3 removes the 20 label from the frame, does a layer 3 lookup, and routes the packet to its destination.


MPLS Basics (continued)

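[Figure: Router 1, Router 2 and Router 3 (LER, LSR, LER), now with LDP also running between Router 1 and Router 2. Networks shown: 10.1.1.0/24, 10.1.2.0/24, 10.1.3.0/24, 10.1.4.0/24. Router 2 sends label 10 to Router 1. Router 2 table: Network 10.1.1.0/24, 10.1.2.0/24; Ingress Label 10; Egress Label 20; Intf 1.]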

In the figure above, LDP is now enabled on Router 1. Router 1 now sets up a peering session with Router 2. Router 2 sends a label to Router 1 to represent the networks that it sees behind it; in this case, Router 2 sends a label of 10 to Router 1 to represent the 10.1.1.0/24 and 10.1.2.0/24 networks. Note that the label is not the same as the one Router 2 received from Router 3. Labels are only locally significant. Router 1, when receiving a packet destined for the 10.1.1.0/24 or 10.1.2.0/24 network, pushes on a label of 10 and sends it to Router 2.

Router 2’s function has now changed. When it now receives an MPLS frame with a label of 10, it swaps (switches) out the 10 label, replaces it with a label of 20, and sends it out the interface to Router 3.

Router 3’s function remains the same; it removes the 20 label and routes the packet to its destination.


MPLS Basics (continued)

[Figure: the complete LSP from Router 1 through Router 2 to Router 3 (LER, LSR, LER), shown as LSP 10 followed by LSP 20. Router 1 table: Network 10.1.1.0/24, 10.1.2.0/24; Label 10; Intf 1. Router 2 table: Network 10.1.1.0/24, 10.1.2.0/24; Ingress Label 10; Egress Label 20; Intf 1. Router 3 table: Label 20; Route.]

The figure above shows the complete LSP setup from Router 1 to Router 3. Router 1’s function is to do an L3 lookup, and if the packet is destined for one of the networks supported by Router 3, it pushes the appropriate label onto the packet (encapsulates the packet in an MPLS frame). This is the function of an LER.

When it receives the MPLS frame, Router 2 examines the label, swaps it for the appropriate egress label, and sends the frame out the appropriate interface to get to its destination. Router 2 now functions as an LSR, which is basically an L2 switch function.

When receiving the MPLS frame, Router 3 examines the label and pops (removes the packet from the MPLS frame) the label, performs an L3 lookup, and routes the packet to the appropriate network.

Note that LSPs are unidirectional. For bidirectional communications, another LSP must be set up in the opposite direction.
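The push, swap and pop sequence described above, as an added example that is not part of the course material. The labels 10 and 20 and the two networks come from the figures; the table layout, the function names, and the handling of destinations without a label binding and of unknown labels are assumptions of this sketch.

```python
import ipaddress

FECS = ["10.1.1.0/24", "10.1.2.0/24"]   # networks behind Router 3 (from the figure)

# Per-router tables (layout is an assumption of this sketch):
#   "push":   network -> (label to push, next hop)          ingress LER role
#   "labels": incoming label -> (outgoing label, next hop)  LSR role
#             incoming label -> (None, None)                pop at egress LER
ROUTERS = {
    "Router 1": {"push": {fec: (10, "Router 2") for fec in FECS}, "labels": {}},
    "Router 2": {"push": {}, "labels": {10: (20, "Router 3")}},
    "Router 3": {"push": {}, "labels": {20: (None, None)}},
}

def switch(node, label):
    """Follow a labelled frame arriving at `node` until it is popped or dropped."""
    trace = []
    while True:
        entry = ROUTERS[node]["labels"].get(label)
        if entry is None:
            # Labels are locally significant: a router only understands labels
            # it advertised itself. This sketch drops anything else.
            trace.append((node, "drop", label))
            return trace
        out_label, next_hop = entry
        if out_label is None:
            trace.append((node, "pop", label))    # egress LER: pop, then L3 lookup
            return trace
        trace.append((node, "swap", out_label))   # LSR: swap and forward
        node, label = next_hop, out_label

def forward(dst_ip, ingress="Router 1"):
    """Trace one IP packet entering at the ingress LER."""
    addr = ipaddress.ip_address(dst_ip)
    for fec, (label, next_hop) in ROUTERS[ingress]["push"].items():
        if addr in ipaddress.ip_network(fec):
            return [(ingress, "push", label)] + switch(next_hop, label)
    return [(ingress, "route", None)]             # no label binding: plain IP routing

if __name__ == "__main__":
    for hop in forward("10.1.2.7"):
        print(hop)
```

The tables only describe the Router 1 to Router 3 direction; return traffic would need a second set of entries, which is the unidirectional property noted above.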


VPN Services

[Figure: PE-A and PE-B joined across the network by a tunnel (MPLS, GRE) that carries Service 1 and Service 2, each with access points at both ends.]

• After a tunnel has been created, multiple services can be carried in it.
• Operations on the tunnel affect all the services that are associated with the tunnel.
• A tunnel uses the system IP address to identify the far-end 7750 SR.

Whatever type of VPN service is created, they all function using the same method. With reference to the figure above, the tunnel must be created first. As shown, the tunnel can be either GRE or MPLS. After the tunnel is created, a service can be created. The figure above shows two services being created, and each service will have a unique service number. The service number must match at both ends of the service. This service number will isolate Service 1 traffic from Service 2 traffic.

When the service has been created, the customer access point must be configured inside the service, thereby defining which port on the router belongs to the customer. When traffic comes into the router, the unique service number specifies which customer port the traffic is supposed to egress on.

The final step of the process is to associate the service with the tunnel that will take the traffic to its destination. As shown in the figure above, the tunnel is not tied to one specific service but instead can support multiple services.


Physical Links, Tunnel LSPs, and VCs

[Figure labels: physical link, GRE/MPLS/LDP tunnels, service tunnel]

7750 SRs are connected to physical links that are used to carry traffic. When a service is set up using MPLS, LSP tunnels are set up between PE routers. Each service or customer sends traffic through a service tunnel within the LSP tunnel.

Tunnel LSPs are identified by MPLS labels that are swapped at each intermediate node (transit LSR) along the LSP from the ingress to the egress of the MPLS network.

The VC label is used to identify which service or customer a packet belongs to. The label is attached at the ingress point and does not change value as the packet travels from ingress to egress.
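A sketch of the two-label stack described above, added here and not taken from the course material: the outer tunnel label is swapped by a transit LSR while the inner VC label is left alone and is used by the egress PE to pick the service. The 32-bit entry layout (20-bit label, 3-bit traffic class, bottom-of-stack bit, 8-bit TTL) follows RFC 3032; the VC label values, the function names and the fixed TTL are assumptions made for illustration.

```python
import struct

# Constructed sample bindings at the egress PE (VC label values are made up).
VC_TO_SERVICE = {131070: "Service 1", 131071: "Service 2"}

def encode_stack(labels, ttl=64):
    """Pack labels (outermost first) as 32-bit entries: label(20) TC(3) S(1) TTL(8)."""
    out = b""
    for i, label in enumerate(labels):
        if not 0 <= label < 2**20:
            raise ValueError("label must fit in 20 bits")
        s = 1 if i == len(labels) - 1 else 0       # S bit marks the bottom entry
        out += struct.pack("!I", (label << 12) | (s << 8) | ttl)
    return out

def decode_stack(data):
    """Return the labels, outermost first; reject a stack with no bottom entry."""
    labels = []
    for off in range(0, len(data) - 3, 4):
        (word,) = struct.unpack_from("!I", data, off)
        labels.append(word >> 12)
        if word & 0x100:                           # bottom of stack reached
            return labels
    raise ValueError("truncated label stack: bottom-of-stack bit not found")

def transit_swap(frame, swap_table):
    """Transit LSR: rewrite only the outer (tunnel) label. TTL handling is omitted."""
    tunnel, *inner = decode_stack(frame)
    return encode_stack([swap_table[tunnel]] + inner)

def egress_demux(frame, tunnel_label, vc_to_service=VC_TO_SERVICE):
    """Egress PE: check and pop the tunnel label, then map the VC label to a service."""
    labels = decode_stack(frame)
    if len(labels) != 2 or labels[0] != tunnel_label:
        raise ValueError("unexpected label stack")
    vc = labels[1]
    if vc not in vc_to_service:
        # Refusing unbound VC labels keeps one service's traffic out of another.
        raise ValueError(f"VC label {vc} is not bound to any service")
    return vc_to_service[vc]

if __name__ == "__main__":
    frame = transit_swap(encode_stack([10, 131070]), {10: 20})
    print(decode_stack(frame), egress_demux(frame, 20))
```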


Module Summary

• Overview of the Layer 2 and Layer 3 services offered
• A high-level understanding of the function of a service tunnel
• A basic understanding of MPLS and the terminology


Learning Assessment

1. An e-pipe (VLL) is a multipoint-to-multipoint service. True or False?

2. A VPLS allows multiple customer sites to be connected in:

A. A single collision domain

B. A single bridged domain

C. A single routing domain

3. What protocol is used to exchange routing information between the PE routers in the service provider’s network, in RFC 4364 layer 3 VPNs?


Learning Assessment Answers


1. An e-pipe (VLL) is a multipoint-to-multipoint service. True or False? FALSE

2. A VPLS allows multiple customer sites to be connected in:

A. A single collision domain

B. A single bridged domain

C. A single routing domain

3. What protocol is used to exchange routing information between the PE routers in the service provider’s network, in RFC 4364 layer 3 VPNs? MP-BGP


www.alcatel-lucent.com

3HE-02767-AAAA-WBZZA Edition 01
